How severe is CVE-2023-20026?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.2 out of 10.

What type of vulnerability is CVE-2023-20026?

This is classified as CWE-77, which is a common weakness in software security.

CVE-2023-20026 - HIGH Severity | CVSS 7.2

Vulnerability Description

A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320 and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to gain root-level privileges and access unauthorized data. To exploit this vulnerability, an attacker would need to have valid administrative credentials on the affected device.

Related Vulnerabilities

CVE-2015-4046

HIGH

CVSS:7.2(High)

The asset discovery scanner in AlienVault OSSIM before 5.0.1 allows remote authenticated users to execute arbitrary commands via the assets array parameter to netscan/do_scan.php.

CWE-772015

CVE-2016-6656

HIGH

CVSS:7.2(High)

An issue was discovered in Pivotal Greenplum before 4.3.10.0. Creation of external tables using GPHDFS protocol has a vulnerability whereby arbitrary commands can be injected into the system. In order...

CWE-772016

CVE-2016-8801

HIGH

CVSS:7.2(High)

Huawei OceanStor 5600 V3 with V300R003C00C10 and earlier versions allows attackers with administrator privilege to inject a command into a specific command's parameters, and run this injected command ...

CWE-772016

CVE-2016-9553

HIGH

CVSS:7.2(High)

The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative interface. These vulnerabilities occur in the MgrReport.php (/...

CWE-772016

CVE-2016-9554

HIGH

CVSS:7.2(High)

The Sophos Web Appliance Remote / Secure Web Gateway server (version 4.2.1.3) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. These vulnerabilities occur...

CWE-772016

CVE-2017-12075

HIGH

CVSS:7.2(High)

Command injection vulnerability in EZ-Internet in Synology DiskStation Manager (DSM) before 6.2-23739 allows remote authenticated users to execute arbitrary command via the username parameter.

CWE-772017