CVE-2024-20416

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jul 17, 2024
Updated: Jul 18, 2024
CWE ID 130

Summary

CVE-2024-20416 is a newly disclosed vulnerability affecting the upload module of Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers. This issue grants authenticated, remote attackers the ability to execute arbitrary code on impacted devices due to insufficient boundary checks during the processing of specific HTTP requests. The vulnerability could be exploited by sending crafted HTTP requests to an affected router, potentially allowing an attacker to gain root-level access to the underlying operating system. Successful exploitation could lead to severe consequences, including unauthorized device control and potential data theft. Users are urged to update their routers with the latest security patches to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share