Cisco Small Business RV Series Routers Command Injection Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system.

N/A

在命令中使用的特殊元素转义处理不恰当(命令注入)

多款Cisco产品命令注入漏洞

Cisco Small Business RV016 Multi-WAN VPN等都是美国思科（Cisco）公司的一款VPN路由器。 多款Cisco产品中的Web管理界面存在命令注入漏洞，该漏洞源于程序没有正确验证用户提交的输入。远程攻击者可通过发送恶意的请求利用该漏洞以root权限执行任意命令。以下产品及版本受到影响：Cisco Small Business RV016 Multi-WAN VPN 4.2.3.10及之前版本；RV042 Dual WAN VPN 4.2.3.10及之前版本；RV042G

N/A

N/A