CVE-2023-20250 (GCVE-0-2023-20250)
Vulnerability from cvelistv5 – Published: 2023-09-06 16:59 – Updated: 2025-12-16 18:23
VLAI?
Summary
A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device.
This vulnerability is due to improper validation of requests that are sent to the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary code with root privileges on an affected device. To exploit this vulnerability, the attacker must have valid Administrator credentials on the affected device.
Severity ?
6.5 (Medium)
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Cisco | Cisco Small Business RV Series Router Firmware |
Affected:
1.0.0.30
Affected: 1.0.0.2 Affected: 1.0.0.21 Affected: 1.0.1.1 Affected: 1.0.1.3 Affected: 1.0.1.6 Affected: 1.0.1.99 Affected: 1.0.2.7 Affected: 1.0.2.99 Affected: 1.0.3.14 Affected: 1.0.3.16 Affected: 1.0.3.22 Affected: 1.0.3.28 Affected: 1.0.3.44 Affected: 1.0.3.45 Affected: 1.0.3.51 Affected: 1.0.3.52 Affected: 1.0.3.54 Affected: 1.0.3.55 Affected: 1.1.0.5 Affected: 1.1.0.6 Affected: 1.1.0.9 Affected: 1.2.0.10 Affected: 1.2.0.14 Affected: 1.2.0.15 Affected: 1.2.0.8 Affected: 1.2.0.9 Affected: 1.2.0.99 Affected: 1.2.1.4 Affected: 1.2.1.7 Affected: 1.2.2.1 Affected: 1.2.2.4 Affected: 1.2.2.5 Affected: 1.2.2.8 Affected: 1.3.0.4 Affected: 1.3.0.7 Affected: 1.3.0.8 Affected: 1.3.0.99 Affected: 1.3.1.1 Affected: 1.3.1.4 Affected: 1.3.1.5 Affected: 1.3.1.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:05:35.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cisco-sa-sb-rv-stack-SHYv2f5N",
"tags": [
"x_transferred"
],
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-stack-SHYv2f5N"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:cisco:small_business_rv_series_router_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_rv_series_router_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "1.0.3.55",
"status": "affected",
"version": "1.0.0.2",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.1.0.9",
"status": "affected",
"version": "1.1.0.5",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.2.2.8",
"status": "affected",
"version": "1.2.0.8",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.3.1.7",
"status": "affected",
"version": "1.3.0.4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_rv_series_router_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_rv_series_router_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "1.0.3.55",
"status": "affected",
"version": "1.0.0.2",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.1.0.9",
"status": "affected",
"version": "1.1.0.5",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.2.2.8",
"status": "affected",
"version": "1.2.0.8",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.3.1.7",
"status": "affected",
"version": "1.3.0.4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_rv_series_router_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_rv_series_router_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "1.0.3.55",
"status": "affected",
"version": "1.0.0.2",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.1.0.9",
"status": "affected",
"version": "1.1.0.5",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.2.2.8",
"status": "affected",
"version": "1.2.0.8",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.3.1.7",
"status": "affected",
"version": "1.3.0.4",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:cisco:small_business_rv_series_router_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "small_business_rv_series_router_firmware",
"vendor": "cisco",
"versions": [
{
"lessThanOrEqual": "1.0.3.55",
"status": "affected",
"version": "1.0.0.2",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.1.0.9",
"status": "affected",
"version": "1.1.0.5",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.2.2.8",
"status": "affected",
"version": "1.2.0.8",
"versionType": "custom"
},
{
"lessThanOrEqual": "1.3.1.7",
"status": "affected",
"version": "1.3.0.4",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-20250",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-11-15T16:37:23.175959Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T18:23:20.984Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco Small Business RV Series Router Firmware",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "1.0.0.30"
},
{
"status": "affected",
"version": "1.0.0.2"
},
{
"status": "affected",
"version": "1.0.0.21"
},
{
"status": "affected",
"version": "1.0.1.1"
},
{
"status": "affected",
"version": "1.0.1.3"
},
{
"status": "affected",
"version": "1.0.1.6"
},
{
"status": "affected",
"version": "1.0.1.99"
},
{
"status": "affected",
"version": "1.0.2.7"
},
{
"status": "affected",
"version": "1.0.2.99"
},
{
"status": "affected",
"version": "1.0.3.14"
},
{
"status": "affected",
"version": "1.0.3.16"
},
{
"status": "affected",
"version": "1.0.3.22"
},
{
"status": "affected",
"version": "1.0.3.28"
},
{
"status": "affected",
"version": "1.0.3.44"
},
{
"status": "affected",
"version": "1.0.3.45"
},
{
"status": "affected",
"version": "1.0.3.51"
},
{
"status": "affected",
"version": "1.0.3.52"
},
{
"status": "affected",
"version": "1.0.3.54"
},
{
"status": "affected",
"version": "1.0.3.55"
},
{
"status": "affected",
"version": "1.1.0.5"
},
{
"status": "affected",
"version": "1.1.0.6"
},
{
"status": "affected",
"version": "1.1.0.9"
},
{
"status": "affected",
"version": "1.2.0.10"
},
{
"status": "affected",
"version": "1.2.0.14"
},
{
"status": "affected",
"version": "1.2.0.15"
},
{
"status": "affected",
"version": "1.2.0.8"
},
{
"status": "affected",
"version": "1.2.0.9"
},
{
"status": "affected",
"version": "1.2.0.99"
},
{
"status": "affected",
"version": "1.2.1.4"
},
{
"status": "affected",
"version": "1.2.1.7"
},
{
"status": "affected",
"version": "1.2.2.1"
},
{
"status": "affected",
"version": "1.2.2.4"
},
{
"status": "affected",
"version": "1.2.2.5"
},
{
"status": "affected",
"version": "1.2.2.8"
},
{
"status": "affected",
"version": "1.3.0.4"
},
{
"status": "affected",
"version": "1.3.0.7"
},
{
"status": "affected",
"version": "1.3.0.8"
},
{
"status": "affected",
"version": "1.3.0.99"
},
{
"status": "affected",
"version": "1.3.1.1"
},
{
"status": "affected",
"version": "1.3.1.4"
},
{
"status": "affected",
"version": "1.3.1.5"
},
{
"status": "affected",
"version": "1.3.1.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device.\r\n\r This vulnerability is due to improper validation of requests that are sent to the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary code with root privileges on an affected device. To exploit this vulnerability, the attacker must have valid Administrator credentials on the affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "cvssV3_1"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "cwe"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-25T16:58:31.808Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "cisco-sa-sb-rv-stack-SHYv2f5N",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-stack-SHYv2f5N"
}
],
"source": {
"advisory": "cisco-sa-sb-rv-stack-SHYv2f5N",
"defects": [
"CSCwh17707",
"CSCwh17710",
"CSCwh17709"
],
"discovery": "EXTERNAL"
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2023-20250",
"datePublished": "2023-09-06T16:59:25.474Z",
"dateReserved": "2022-10-27T18:47:50.371Z",
"dateUpdated": "2025-12-16T18:23:20.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-stack-SHYv2f5N\", \"name\": \"cisco-sa-sb-rv-stack-SHYv2f5N\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T09:05:35.960Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-20250\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2023-11-15T16:37:23.175959Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:o:cisco:small_business_rv_series_router_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"small_business_rv_series_router_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0.0.2\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.0.3.55\"}, {\"status\": \"affected\", \"version\": \"1.1.0.5\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.1.0.9\"}, {\"status\": \"affected\", \"version\": \"1.2.0.8\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.2.2.8\"}, {\"status\": \"affected\", \"version\": \"1.3.0.4\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.3.1.7\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:cisco:small_business_rv_series_router_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"small_business_rv_series_router_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0.0.2\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.0.3.55\"}, {\"status\": \"affected\", \"version\": \"1.1.0.5\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.1.0.9\"}, {\"status\": \"affected\", \"version\": \"1.2.0.8\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.2.2.8\"}, {\"status\": \"affected\", \"version\": \"1.3.0.4\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.3.1.7\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:cisco:small_business_rv_series_router_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"small_business_rv_series_router_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0.0.2\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.0.3.55\"}, {\"status\": \"affected\", \"version\": \"1.1.0.5\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.1.0.9\"}, {\"status\": \"affected\", \"version\": \"1.2.0.8\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.2.2.8\"}, {\"status\": \"affected\", \"version\": \"1.3.0.4\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.3.1.7\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:cisco:small_business_rv_series_router_firmware:*:*:*:*:*:*:*:*\"], \"vendor\": \"cisco\", \"product\": \"small_business_rv_series_router_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0.0.2\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.0.3.55\"}, {\"status\": \"affected\", \"version\": \"1.1.0.5\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.1.0.9\"}, {\"status\": \"affected\", \"version\": \"1.2.0.8\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.2.2.8\"}, {\"status\": \"affected\", \"version\": \"1.3.0.4\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.3.1.7\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-10-24T16:48:58.582Z\"}}], \"cna\": {\"source\": {\"defects\": [\"CSCwh17707\", \"CSCwh17710\", \"CSCwh17709\"], \"advisory\": \"cisco-sa-sb-rv-stack-SHYv2f5N\", \"discovery\": \"EXTERNAL\"}, \"metrics\": [{\"format\": \"cvssV3_1\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"Cisco\", \"product\": \"Cisco Small Business RV Series Router Firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0.0.30\"}, {\"status\": \"affected\", \"version\": \"1.0.0.2\"}, {\"status\": \"affected\", \"version\": \"1.0.0.21\"}, {\"status\": \"affected\", \"version\": \"1.0.1.1\"}, {\"status\": \"affected\", \"version\": \"1.0.1.3\"}, {\"status\": \"affected\", \"version\": \"1.0.1.6\"}, {\"status\": \"affected\", \"version\": \"1.0.1.99\"}, {\"status\": \"affected\", \"version\": \"1.0.2.7\"}, {\"status\": \"affected\", \"version\": \"1.0.2.99\"}, {\"status\": \"affected\", \"version\": \"1.0.3.14\"}, {\"status\": \"affected\", \"version\": \"1.0.3.16\"}, {\"status\": \"affected\", \"version\": \"1.0.3.22\"}, {\"status\": \"affected\", \"version\": \"1.0.3.28\"}, {\"status\": \"affected\", \"version\": \"1.0.3.44\"}, {\"status\": \"affected\", \"version\": \"1.0.3.45\"}, {\"status\": \"affected\", \"version\": \"1.0.3.51\"}, {\"status\": \"affected\", \"version\": \"1.0.3.52\"}, {\"status\": \"affected\", \"version\": \"1.0.3.54\"}, {\"status\": \"affected\", \"version\": \"1.0.3.55\"}, {\"status\": \"affected\", \"version\": \"1.1.0.5\"}, {\"status\": \"affected\", \"version\": \"1.1.0.6\"}, {\"status\": \"affected\", \"version\": \"1.1.0.9\"}, {\"status\": \"affected\", \"version\": \"1.2.0.10\"}, {\"status\": \"affected\", \"version\": \"1.2.0.14\"}, {\"status\": \"affected\", \"version\": \"1.2.0.15\"}, {\"status\": \"affected\", \"version\": \"1.2.0.8\"}, {\"status\": \"affected\", \"version\": \"1.2.0.9\"}, {\"status\": \"affected\", \"version\": \"1.2.0.99\"}, {\"status\": \"affected\", \"version\": \"1.2.1.4\"}, {\"status\": \"affected\", \"version\": \"1.2.1.7\"}, {\"status\": \"affected\", \"version\": \"1.2.2.1\"}, {\"status\": \"affected\", \"version\": \"1.2.2.4\"}, {\"status\": \"affected\", \"version\": \"1.2.2.5\"}, {\"status\": \"affected\", \"version\": \"1.2.2.8\"}, {\"status\": \"affected\", \"version\": \"1.3.0.4\"}, {\"status\": \"affected\", \"version\": \"1.3.0.7\"}, {\"status\": \"affected\", \"version\": \"1.3.0.8\"}, {\"status\": \"affected\", \"version\": \"1.3.0.99\"}, {\"status\": \"affected\", \"version\": \"1.3.1.1\"}, {\"status\": \"affected\", \"version\": \"1.3.1.4\"}, {\"status\": \"affected\", \"version\": \"1.3.1.5\"}, {\"status\": \"affected\", \"version\": \"1.3.1.7\"}]}], \"exploits\": [{\"lang\": \"en\", \"value\": \"The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.\"}], \"references\": [{\"url\": \"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-stack-SHYv2f5N\", \"name\": \"cisco-sa-sb-rv-stack-SHYv2f5N\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device.\\r\\n\\r This vulnerability is due to improper validation of requests that are sent to the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary code with root privileges on an affected device. To exploit this vulnerability, the attacker must have valid Administrator credentials on the affected device.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"cwe\", \"cweId\": \"CWE-121\", \"description\": \"Stack-based Buffer Overflow\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2024-01-25T16:58:31.808Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-20250\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-12-16T18:23:20.984Z\", \"dateReserved\": \"2022-10-27T18:47:50.371Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2023-09-06T16:59:25.474Z\", \"assignerShortName\": \"cisco\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…