CVE-2023-20073

CVE Database · CVE-2023-20073

CVE-2023-20073

· MEDIUMModified

CVSS v3.1

5.3

EPSS

88.87%

Published

Apr 5, 2023

Modified

Nov 21, 2024

Public PoC / Exploit (2)

All weaponized →

NucleiNuclei detection template TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Weaknesses (CWE)

CWE-434CWE-434

Affected Products (8)

cisco · rv340_firmwarevulnerable

cisco · rv340

cisco · rv340w_firmwarevulnerable

cisco · rv340w

cisco · rv345_firmwarevulnerable

cisco · rv345

cisco · rv345p_firmwarevulnerable