Cisco RV Series Authentication Bypass / Command Injection

Posted by deepcore on February 15, 2023 – 5:08 am

This Metasploit module exploits two vulnerabilities, a session ID directory traversal authentication bypass (CVE-2022-20705) and a command injection vulnerability (CVE-2022-20707), on Cisco RV160, RV260, RV340, and RV345 Small Business Routers, allowing attackers to execute arbitrary commands with www-data user privileges. This access can then be used to pivot to other parts of the network. This module works on firmware versions 1.0.03.24 and below.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Cisco RV Series Authentication Bypass / Command Injection XWorm Trojan 2.1 NULL Pointer Dereference »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Cisco RV Series Authentication Bypass / Command Injection

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL