CVE-2024-20470
HIGHDescription
A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. In order to exploit this vulnerability, the attacker must have valid admin credentials. This vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system.
Is your site exposed to CVE-2024-20470?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| cisco | rv340_dual_wan_gigabit_vpn_router_firmware |
| cisco | rv340_dual_wan_gigabit_vpn_router_firmware |
| cisco | rv340_dual_wan_gigabit_vpn_router_firmware |
| cisco | rv340_dual_wan_gigabit_vpn_router_firmware |
| cisco | rv340_dual_wan_gigabit_vpn_router_firmware |
| cisco | rv340_dual_wan_gigabit_vpn_router_firmware |
| cisco | rv340_dual_wan_gigabit_vpn_router_firmware |
| cisco | rv340_dual_wan_gigabit_vpn_router_firmware |
| cisco | rv340_dual_wan_gigabit_vpn_router_firmware |
| cisco | rv340_dual_wan_gigabit_vpn_router_firmware |
| cisco | rv340_dual_wan_gigabit_vpn_router_firmware |
| cisco | rv340_dual_wan_gigabit_vpn_router_firmware |
| cisco | rv340_dual_wan_gigabit_vpn_router_firmware |
| cisco | rv340_dual_wan_gigabit_vpn_router_firmware |
| cisco | rv340_dual_wan_gigabit_vpn_router_firmware |
| cisco | rv340_dual_wan_gigabit_vpn_router_firmware |
| cisco | rv340_dual_wan_gigabit_vpn_router_firmware |
| cisco | rv340_dual_wan_gigabit_vpn_router_firmware |
| cisco | rv340_dual_wan_gigabit_vpn_router_firmware |
| cisco | rv340_dual_wan_gigabit_vpn_router_firmware |
| cisco | rv340_dual_wan_gigabit_vpn_router |
| cisco | rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware |
| cisco | rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware |
| cisco | rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware |
| cisco | rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware |
| cisco | rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware |
| cisco | rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware |
| cisco | rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware |
| cisco | rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware |
| cisco | rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware |
| cisco | rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware |
| cisco | rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware |
| cisco | rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware |
| cisco | rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware |
| cisco | rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware |
| cisco | rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware |
| cisco | rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware |
| cisco | rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware |
| cisco | rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware |
| cisco | rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware |
| cisco | rv340w_dual_wan_gigabit_wireless-ac_vpn_router_firmware |
| cisco | rv340w_dual_wan_gigabit_wireless-ac_vpn_router |
| cisco | rv345_dual_wan_gigabit_vpn_router_firmware |
| cisco | rv345_dual_wan_gigabit_vpn_router_firmware |
| cisco | rv345_dual_wan_gigabit_vpn_router_firmware |
| cisco | rv345_dual_wan_gigabit_vpn_router_firmware |
| cisco | rv345_dual_wan_gigabit_vpn_router_firmware |
| cisco | rv345_dual_wan_gigabit_vpn_router_firmware |
| cisco | rv345_dual_wan_gigabit_vpn_router_firmware |
| cisco | rv345_dual_wan_gigabit_vpn_router_firmware |
| cisco | rv345_dual_wan_gigabit_vpn_router_firmware |
| cisco | rv345_dual_wan_gigabit_vpn_router_firmware |
| cisco | rv345_dual_wan_gigabit_vpn_router_firmware |
| cisco | rv345_dual_wan_gigabit_vpn_router_firmware |
| cisco | rv345_dual_wan_gigabit_vpn_router_firmware |
| cisco | rv345_dual_wan_gigabit_vpn_router_firmware |
| cisco | rv345_dual_wan_gigabit_vpn_router_firmware |
| cisco | rv345_dual_wan_gigabit_vpn_router_firmware |
| cisco | rv345_dual_wan_gigabit_vpn_router_firmware |
| cisco | rv345_dual_wan_gigabit_vpn_router_firmware |
| cisco | rv345_dual_wan_gigabit_vpn_router_firmware |
| cisco | rv345_dual_wan_gigabit_vpn_router_firmware |
| cisco | rv345_dual_wan_gigabit_vpn_router |
| cisco | rv345p_dual_wan_gigabit_poe_vpn_router_firmware |
| cisco | rv345p_dual_wan_gigabit_poe_vpn_router_firmware |
| cisco | rv345p_dual_wan_gigabit_poe_vpn_router_firmware |
| cisco | rv345p_dual_wan_gigabit_poe_vpn_router_firmware |
| cisco | rv345p_dual_wan_gigabit_poe_vpn_router_firmware |
| cisco | rv345p_dual_wan_gigabit_poe_vpn_router_firmware |
| cisco | rv345p_dual_wan_gigabit_poe_vpn_router_firmware |
| cisco | rv345p_dual_wan_gigabit_poe_vpn_router_firmware |
| cisco | rv345p_dual_wan_gigabit_poe_vpn_router_firmware |
| cisco | rv345p_dual_wan_gigabit_poe_vpn_router_firmware |
| cisco | rv345p_dual_wan_gigabit_poe_vpn_router_firmware |
| cisco | rv345p_dual_wan_gigabit_poe_vpn_router_firmware |
| cisco | rv345p_dual_wan_gigabit_poe_vpn_router_firmware |
| cisco | rv345p_dual_wan_gigabit_poe_vpn_router_firmware |
| cisco | rv345p_dual_wan_gigabit_poe_vpn_router_firmware |
| cisco | rv345p_dual_wan_gigabit_poe_vpn_router_firmware |
| cisco | rv345p_dual_wan_gigabit_poe_vpn_router_firmware |
| cisco | rv345p_dual_wan_gigabit_poe_vpn_router_firmware |
| cisco | rv345p_dual_wan_gigabit_poe_vpn_router_firmware |
| cisco | rv345p_dual_wan_gigabit_poe_vpn_router_firmware |
| cisco | rv345p_dual_wan_gigabit_poe_vpn_router |
References
Frequently Asked Questions
What is CVE-2024-20470? +
How severe is CVE-2024-20470? +
What products are affected by CVE-2024-20470? +
How do I check if I'm vulnerable to CVE-2024-20470? +
Related Vulnerabilities
A vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to …
** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Expression/Command Delimiters vulnerability in Apache Commons OGNL. This issue affects Apache Commons …
A vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could …
A vulnerability in the Out-of-Band Access Point (AP) Image Download, the Clean Air Spectral Recording, and the client debug bundles …
A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to upload …
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) …