CVE-2024-20416

MEDIUM EPSS 53.8%

Published Jul 17, 20241y ago · Modified Jun 17, 20261w ago

6.5 CVSS 3.1

Medium

Published Jul 17, 2024 1y ago

Last Modified Jun 17, 2026 1w ago

Description

A vulnerability in the upload module of Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient boundary checks when processing specific HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the device.

CVSS Details

Base Score

6.5

Exploitability

1.2

Impact

5.2

Vector string

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Attack Vector Network

Attack Complexity Low

Privileges Required High

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability None

Threat Intelligence

EPSS Exploit Probability

53.8% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-130

References 1

sec.cloudapps.cisco.com https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv34x-rce-7pqFU2e

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.