Cisco Small Business Routers Vulnerable to Authentication Bypass and Remote Code Execution

Threat Level
Vulnerability Report

Summary

Multiple vulnerabilities were found in the web-based management interface of Cisco Small Business Routers. The authentication bypass vulnerability (CVE-2023-20025) allows an unauthenticated attacker to bypass authentication on an affected device by manipulating user input in incoming HTTP packets. The remote command execution vulnerability (CVE-2023-20026) allows an authenticated attacker to execute arbitrary commands on an affected device by manipulating user input in incoming HTTP packets.