CVE-2023-20025: Authentication Bypass Vulnerability in Cisco Small Business RV016, RV042, RV042G, and RV082 Routers

Cisco on Wednesday released a patch to contain a high-risk security vulnerability in its Small Business RV016, RV042, RV042G, and RV082 Routers that could be abused to obtain root access on the underlying operating system.

The bug, assigned the identifier CVE-2023-20025 (CVSS score: 9.0), has been described as an authentication bypass vulnerability, caused by improper validation of user input within incoming HTTP packets. By sending a specially crafted HTTP request to the web-based management interface, an attacker could exploit this vulnerability to bypass authentication and obtain root access on the underlying operating system.

This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to bypass authentication and gain root access on the underlying operating system,” Cisco warned in an advisory.

CVE-2023-20025 impacts the web-based management interface of Cisco Small Business RV016, RV042, RV042G, and RV082 Routers.

Another flaw tracked as CVE-2023-20026 (CVSS score: 6.5) also affects Cisco Small Business RV016, RV042, RV042G, and RV082 Routers. The bug has been described as a remote command execution vulnerability. By sending a specially crafted HTTP request to the web-based management interface, an attacker could exploit this vulnerability to execute arbitrary commands on an affected device.

Cisco credited Hou Liuyang of Qihoo 360 Netlab for reporting the bugs. The Cisco PSIRT is aware that proof-of-concept exploits code is available for this vulnerability but has not found any malicious use of the vulnerability. Cisco noted that it “has not and will not release software updates that address this vulnerability.” To migrate these vulnerabilities, administrators can disable remote management and block access to ports 443 and 60443.