Remote Exploits Possible Due to Vulnerabilities in Cisco Small Business Routers

Cisco has recently published a security advisory revealing multiple vulnerabilities in its Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers, alongside a critical flaw in its Nexus Dashboard Fabric Controller (NDFC).

These security issues could allow an authenticated, remote attacker to gain elevated privileges and execute arbitrary commands on the affected devices’ operating systems.

Unfortunately, since the products have reached their End-of-Software Maintenance Releases, Cisco will not be providing any software updates to resolve these vulnerabilities.

Affected Devices

The vulnerabilities affect the following models:

  • RV340 Dual WAN Gigabit VPN Routers
  • RV340W Dual WAN Gigabit Wireless-AC VPN Routers
  • RV345 Dual WAN Gigabit VPN Routers
  • RV345P Dual WAN Gigabit PoE VPN Routers

These routers are typically managed via a web-based interface, accessible through either a local LAN or WAN connection, if remote management is enabled. Remote management is turned off by default, but users can verify this by checking the Basic Settings > Remote Management section in the web interface.

Vulnerability Overview

Cisco’s advisory identifies two main vulnerabilities:

  1. CVE-2024-20393: Privilege Escalation
    This vulnerability arises from the improper handling of sensitive information in the web-based management interface. Exploiting this flaw could allow an attacker to elevate their access from guest to admin by sending specially crafted HTTP requests to the device. It has a CVSS score of 8.8 and is tracked under Bug ID CSCwm27935.
  2. CVE-2024-20470: Remote Code Execution
    This issue stems from insufficient input validation in the web-based management interface. An attacker with valid admin credentials could exploit this flaw to run arbitrary code as the root user on the device’s operating system. It carries a CVSS score of 4.7 and is identified by Bug ID CSCwk99655.

No Fixes or Workarounds Available

Cisco has confirmed that no workarounds exist for these vulnerabilities, and since the affected routers are past their software maintenance period, no patches will be issued. Users are encouraged to consult end-of-life notices and consider upgrading to newer devices that meet their network needs.

Although there have been no reports of these vulnerabilities being publicly exploited, Cisco’s Product Security Incident Response Team (PSIRT) is closely monitoring the situation. Cisco acknowledged the contribution of H4lo from Webin DBappSecurity for discovering the issues.

Share this post :