Advisory Details

September 8th, 2020

Cisco RV340 upload.cgi Command Injection Remote Code Execution Vulnerability

ZDI-20-1100
ZDI-CAN-10640

CVE ID CVE-2020-3451
CVSS SCORE 5.5, AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
AFFECTED VENDORS Cisco
AFFECTED PRODUCTS RV340
VULNERABILITY DETAILS

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Authentication is required to exploit this vulnerability.

The specific flaw exists within the handling of the fileparam parameter provided to the upload.cgi endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the www-data user.

ADDITIONAL DETAILS Cisco has issued an update to correct this vulnerability. More details can be found at:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-osinj-rce-pwTkPCJv
DISCLOSURE TIMELINE
  • 2020-05-26 - Vulnerability reported to vendor
  • 2020-09-08 - Coordinated public release of advisory
CREDIT Anonymous
BACK TO ADVISORIES