Read Time:7 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Authentication is not required to exploit this vulnerability.
Category Archives: Advisories
ZDI-22-417: (Pwn2Own) Cisco RV340 update-clients Command Injection Remote Code Execution Vulnerability
Read Time:10 Second
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
ZDI-22-416: (Pwn2Own) Cisco RV340 NGINX Missing Authentication Information Disclosure Vulnerability
Read Time:8 Second
This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Cisco RV340 routers. Authentication is not required to exploit this vulnerability.
ZDI-22-415: (Pwn2Own) Cisco RV340 NGINX Improper Authentication Unrestricted File Upload Vulnerability
Read Time:10 Second
This vulnerability allows network-adjacent attackers to create arbitrary files on affected installations of Cisco RV340 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
ZDI-22-414: (Pwn2Own) Cisco RV340 SSLVPN Stack-based Buffer Overflow Remote Code Execution Vulnerability
Read Time:7 Second
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cisco RV340 routers. Authentication is not required to exploit this vulnerability.
ZDI-22-413: (Pwn2Own) Cisco RV340 Firmware Update Improper Certificate Validation Remote Code Execution Vulnerability
Read Time:11 Second
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Cisco RV340 routers. User interaction is required to exploit this vulnerability in that an administrator must perform a firmware update on the device.
ZDI-22-412: (Pwn2Own) Cisco RV340 confd_cli Unnecessary Privileges Local Privilege Escalation Vulnerability
Read Time:11 Second
This vulnerability allows local attackers to escalate privileges on affected installations of Cisco RV340 routers. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
ZDI-22-411: (Pwn2Own) Cisco RV340 upload.cgi JSON Command Injection Privilege Escalation Vulnerability
Read Time:9 Second
This vulnerability allows network-adjacent attackers to escalate privileges on affected installations of Cisco RV340 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.
DSA-5085 expat – security update
Read Time:10 Second
Several vulnerabilities have been discovered in Expat, an XML parsing C
library, which could result in denial of service or potentially the
execution of arbitrary code, if a malformed XML file is processed.
USN-5293-1: c3p0 vulnerability
Read Time:9 Second
Aaron Massey discovered that c3p0 could be made to crash when
parsing certain input. An attacker able to modify the application’s
XML configuration file could cause a denial of service.