Cisco recently disclosed a significant flaw in the upload module of its RV340 and RV345 Dual WAN Gigabit VPN Routers. This vulnerability could enable a remote, authenticated attacker to execute arbitrary code on an affected device.
With a CVSS base score of 6.5, this medium-severity vulnerability is identified as CVE-2024-20416. It arises from insufficient boundary checks when processing specific HTTP requests. "An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device," Cisco explained.
If successfully exploited, the attacker could execute arbitrary code as the root user on the device's underlying operating system. The vulnerability was discovered by Jacob Baines of VulnCheck, Inc.
As of the publication date, the following Cisco Small Business Router Firmware Release 1.0.03.24 or later devices are susceptible to this vulnerability:
* RV340 Dual WAN Gigabit VPN Routers
* RV340W Dual WAN Gigabit Wireless-AC VPN Routers
* RV345 Dual WAN Gigabit VPN Routers
* RV345P Dual WAN Gigabit PoE VPN Routers
Cisco confirmed that the following products are unaffected by this vulnerability:
* RV160 VPN Routers
* RV160W Wireless-AC VPN Routers
* RV260 VPN Routers
* RV260P VPN Routers with PoE
* RV260W Wireless-AC VPN Routers
Cisco stated that it is unaware of any malicious exploitation of this vulnerability or public announcements regarding it.
Cisco has not released and will not release software patches to fix the vulnerability, as the RV340 and RV345 Dual WAN Gigabit VPN Routers have reached the end-of-life process. There are no workarounds for this vulnerability.
Customers are advised to periodically review advisories for Cisco products through the Cisco Security Advisories page when considering device migration to identify exposure and find a comprehensive update solution.
