Subscribe via feed.

Cisco RV340 SSL VPN Unauthenticated Remote Code Execution

Posted by deepcore on May 12, 2022 – 12:18 am

This Metasploit module exploits a stack buffer overflow in the Cisco RV series router’s SSL VPN functionality. The default SSL VPN configuration is exploitable, with no authentication required and works over the Internet! The stack is executable and no ASLR is in place, which makes exploitation easier. Successful execution of this module results in a reverse root shell. A custom payload is used as Metasploit does not have ARMLE null free shellcode. This vulnerability was presented by the Flashback Team in Pwn2Own Austin 2021 and OffensiveCon 2022. For more information check the referenced advisory. This module has been tested in firmware versions 1.0.03.15 and above and works with around 65% reliability. The service restarts automatically so you can keep trying until you pwn it. Only the RV340 router was tested, but other RV series routers should work out of the box.


This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.