Cisco Small Business Routers Vulnerabilities

Cisco Routers
Advisory ID:
CVE-2020-3140, CVE-2020-3144, CVE-2020-3323, CVE-2020-3330, CVE-2020-3331
July 17, 2020


According to Cisco, different categories of vulnerabilities were discovered from different Cisco routers. This vulnerabilities ranges from static default credential, Management interface remote command execution, authentication bypass, arbitrary code execution, and privilege escalation.

Description & Consequence

The reported vulnerabilities is said to affect the Cisco Small Business RV110W, RV130, RV130W and RV215W routers, and Cisco Prime License Manager. This vulnerabilities are as a result of the following:

  1.  The RV110W Wireless-N VPN Firewall routers system account has a default and static password which could allow an unauthenticated, remote attacker to take full control of the of the affected device.
  2. The RV110W, RV130, RV130W, and RV215W Routers has an improper validation of user-supplied input in the web-based management interface which could allow attackers to execute arbitrary code as a root user by sending crafted HTTP requests to a targeted device.
  3. The Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router vulnerabilities is due to improper session management on the devices which could allow attackers to bypass authentication and execute arbitrary commands with administrative commands by sending crafted HTTP request to the affected device.
  4. The Cisco Prime License Manager (PLM) Software vulnerability is due to insufficient validation of user input on the web management interface that could allow a remote attacker to gain administrative-level privileges on the system to access to an affected device by submitting a malicious request to an affected system.

At a successful exploitation, a malicious attacker could remotely gain administrative-level privileges, take full control of an affected device, bypass authentication, execute arbitrary commands with administrative commands, and escalate privileges.


  • Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers must agree to follow the terms of the Cisco software license.
  • Customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.
  • Customers are advised to upgrade to an appropriate fixed firmware release. (Visit any of the hyperlinks below on the step by step process of upgrades)




Related Articles