CVE-2022-20827

high-risk

Published 2022-08-10

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Do I need to act?

5.8% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.0/10 Critical

NETWORK / HIGH complexity

Affected Products (9)

Rv160 Firmware

Rv160W Firmware

Rv260 Firmware

Rv260P Firmware

Rv260W Firmware

Rv340 Firmware

Rv340W Firmware

Rv345 Firmware

Rv345P Firmware

Affected Vendors

Cisco

References (2)

Vendor Advisory https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-s...

/ 100

high-risk

Severity 26/34 · High

Exploitability 9/34 · Low

Exposure 15/34 · Moderate