CVE-2023-20118 - Cisco Small Business RV Series Routers Command Injection Vulnerability

Cisco | Small Business RV Series Routers

• Date Added:
• 2025-03-03

• Due Date:
• 2025-03-24

Vulnerability Name

Cisco Small Business RV Series Routers Command Injection Vulnerability

Description

Multiple Cisco Small Business RV Series Routers contains a command injection vulnerability in the web-based management interface. Successful exploitation could allow an authenticated, remote attacker to gain root-level privileges and access unauthorized data.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5 ; https://nvd.nist.gov/vuln/detail/CVE-2023-20118

Top Security News

Microsoft confirms it's killing off Skype in May, after 14 years

Data Leak Exposes TopSec's Role in China's Censorship-as-a-Service Operations

U.S. recovers $31 million stolen in 2021 Uranium Finance hack

EncryptHub breaches 618 orgs to deploy infostealers, ransomware

MITRE Caldera RCE vulnerability with public PoC fixed, patch ASAP! (CVE-2025–27364)

Mozilla Updates Firefox Terms Again After Backlash Over Broad Data License Language

Vo1d Botnet's Peak Surpasses 1.59M Infected Android TVs, Spanning 226 Countries

Siemens Teamcenter vulnerability could allow account takeover (CVE-2025-23363)

Common Alerts

HighXML External Entity Attack

LowIn Page Banner Information Leak

MediumContent Security Policy (CSP) Header Not Set

MediumAuthentication Credentials Captured

InformationalContent-Type Header Empty

InformationalServer Leaks its Webserver Application via "Server" HTTP Response Header Field

LowCSP: X-Content-Security-Policy

MediumFile Upload

MediumHTTP Parameter Override

HighCORS Misconfiguration

Latest CVE List

CVE-2023-20118 Cisco Small Business RV Series Routers Command Injection Vulnerability

CVE-2022-43939 Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability

CVE-2022-43769 Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability

CVE-2018-8639 Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability

CVE-2024-4885 Progress WhatsUp Gold Path Traversal Vulnerability

CVE-2024-49035 Microsoft Partner Center Improper Access Control Vulnerability

CVE-2023-34192 Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability

CVE-2017-3066 Adobe ColdFusion Deserialization Vulnerability

CVE-2024-20953 Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability

CVE-2025-24989 Microsoft Power Pages Improper Access Control Vulnerability

Top CWE List

CWE-693 Protection Mechanism Failure

HighCWE-200 Exposure of Sensitive Information to an Unauthorized Actor

HighCWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-1426 Improper Validation of Generative AI Output

CWE-581 Object Model Violation: Just One of Equals and Hashcode Defined

CWE-201 Insertion of Sensitive Information Into Sent Data

CWE-1193 Power-On of Untrusted Execution Core Before Enabling Fabric Access Control

CWE-1298 Hardware Logic Contains Race Conditions

CWE-1125 Excessive Attack Surface

CWE-1189 Improper Isolation of Shared Resources on System-on-a-Chip (SoC)