How severe is CVE-2022-20825?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2022-20825?

This is classified as CWE-121, which is a common weakness in software security.

CVE-2022-20825

CRITICAL Year: 2022

CVSS v3 Score

9.8

Critical

CVSS v2 Score

10.0

Critical

Weakness Type

CWE-121

View all →

Vulnerability Description

A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient user input validation of incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device using root-level privileges. Cisco has not released software updates that address this vulnerability.

CVE-2014-9163

CRITICAL

CVSS:9.8(Critical)

Stack-based buffer overflow in Adobe Flash Player before 13.0.0.259 and 14.x and 15.x before 15.0.0.246 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code ...

CWE-1212014

CVE-2014-9189

CRITICAL

CVSS:9.8(Critical)

Multiple stack-based buffer overflow vulnerabilities were found in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules that coul...

CWE-1212014

CVE-2015-1006

CRITICAL

CVSS:9.8(Critical)

A vulnerable file in Opto 22 PAC Project Professional versions prior to R9.4006, PAC Project Basic versions prior to R9.4006, PAC Display Basic versions prior to R9.4f, PAC Display Professional versio...

CWE-1212015

CVE-2016-6563

CRITICAL

CVSS:9.8(Critical)

Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, U...

CWE-1212016

CVE-2017-12194

CRITICAL

CVSS:9.8(Critical)

A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbi...

CWE-1212017

CVE-2017-12706

CRITICAL

CVSS:9.8(Critical)

A stack-based buffer overflow issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities where there is a lack of proper validati...

CWE-1212017

CVE-2022-20825

Vulnerability Description

Related Vulnerabilities

CVE-2014-9163

CVE-2014-9189

CVE-2015-1006

CVE-2016-6563

CVE-2017-12194

CVE-2017-12706