Cisco Small Business Router Vulnerabilities Allow Remote Exploitation
In a recent security advisory, Cisco has disclosed multiple vulnerabilities affecting its Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers.
Additionally, Cisco has issued a security advisory regarding a critical vulnerability in its Nexus Dashboard Fabric Controller (NDFC).
The router vulnerabilities could allow an authenticated, remote attacker to elevate privileges and execute arbitrary commands on the underlying operating system of the affected devices.
Unfortunately, Cisco has announced that no software updates will be released to address these issues, as the products have surpassed their End-of-Software Maintenance Releases.
Affected Devices and Configuration
The vulnerabilities impact the following Cisco RV Series Small Business Routers:
- RV340 Dual WAN Gigabit VPN Routers
- RV340W Dual WAN Gigabit Wireless-AC VPN Routers
- RV345 Dual WAN Gigabit VPN Routers
- RV345P Dual WAN Gigabit PoE VPN Routers
These routers are managed via a web-based interface accessible through a local LAN connection or a WAN connection if remote management is enabled.
Remote management is disabled by default. Users can verify if this feature is enabled by navigating to Basic Settings > Remote Management in the web interface.
Vulnerability Details
The advisory details two critical vulnerabilities:
CVE-2024-20393: Privilege Escalation Vulnerability
A vulnerability exists in the web-based management interface due to the disclosure of sensitive information.
An attacker could exploit this weakness by sending specially crafted HTTP input to an affected device, which could allow them to elevate their privileges from guest to admin.
This vulnerability has a high impact, with a CVSS score of 8.8, and is identified by Bug ID CSCwm27935.
CVE-2024-20470: Remote Code Execution Vulnerability
This vulnerability stems from insufficient validation of user-supplied input in the web-based management interface. An attacker with valid admin credentials could exploit this flaw to execute arbitrary code as the root user on the device’s operating system. This vulnerability has a medium impact, with a CVSS score of 4.7, and is identified by Bug ID CSCwk99655.
The score indicates that while administrative privileges are required, the attack complexity is low and the impact on confidentiality, integrity, and availability is limited.
No Available Workarounds or Fixes
Cisco has confirmed that there are no workarounds for these vulnerabilities. Moreover, since the affected products are past their software maintenance end dates, no patches will be provided.
Customers are advised to consult end-of-life notices and consider migrating to newer devices that meet their network requirements.
Cisco recommends that customers regularly check security advisories for exposure and upgrade solutions. When migrating to new devices, it’s crucial to ensure they meet network needs, have adequate memory, and support current configurations.
As of now, the Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious exploitation of these vulnerabilities.
Cisco extends its gratitude to H4lo of Webin DBappSecurity for reporting these vulnerabilities.