CVE-2023-20118

A vulnerability in the web-based management interface of Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device.<br /> <br /> This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to gain root-level privileges and access unauthorized data. To exploit this vulnerability, an attacker would need to have valid administrative credentials on the affected device.<br /> <br /> Cisco has not and will not release software updates that address this vulnerability. However, administrators may disable the affected feature as described in the Workarounds ["#workarounds"] section.<br /> <br /> {{value}} ["%7b%7bvalue%7d%7d"])}]]