Cisco RV Series Authentication Bypass / Command Injection
This Metasploit module exploits two vulnerabilities, a session ID
directory traversal authentication bypass (CVE-2022-20705) and a command injection vulnerability (CVE-2022-20707), on Cisco RV160, RV260, RV340,
and RV345 Small Business Routers, allowing attackers to execute arbitrary commands with www-data user privileges. This access can then be used to
pivot to other parts of the network. This module works on firmware
versions 1.0.03.24 and below.
https://packetstormsecurity.com/files/170988/cisco_rv340_lan.rb.txt
Tue, 14 Feb 2023 15:32:53 GMT
________________________________
--- The information is for inforamtional purposes only.
* Origin: Read us with
http://winpoint.org JID:
rs@captflint.com (2:467/4.444)