CVE-2024-20518

Summary

CVE-2024-20518 is a vulnerability found in the web-based management interface of Cisco Small Business RV042, RV042G, RV320, and RV325 routers. It allows an authenticated remote attacker with Administrator-level credentials to execute arbitrary code as the root user due to improper validation of user input. Exploitation occurs through crafted HTTP requests sent to the affected devices. The vulnerability poses a medium severity risk (CVSS score 6.5) with high potential impacts on both integrity and confidentiality of the system. To remediate this issue, organizations should apply available security patches from Cisco and ensure that only authorized personnel have Administrator access to these devices.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.