Gesamte Überschrift: Cisco RV Series Authentication Bypass / Command Injection Exploit 
Kategorie: remote exploits
Betriebssystem: linux
This Metasploit module exploits two vulnerabilities, a session ID directory traversal authentication bypass (CVE-2022-20705) and a command injection vulnerability (CVE-2022-20707), on Cisco RV160, RV260, RV340, and RV345 Small Business Routers, allowing attackers to execute arbitrary commands with www-data user privileges. This access can then be used to pivot to other parts of the network. This module works on firmware versions 1.0.03.24 and below.

# 0day.today @ http://0day.today/