What is CVE-2023-20128?

CVE-2023-20128 is a high-severity vulnerability in Cisco Small Business Rv Series Router Firmware, classified under CWE-146. CVSS score: 7.2/10. Published 2023-04-05.

How severe is CVE-2023-20128?

High severity. CVSS v3 base score is 7.2 out of 10.

Is CVE-2023-20128 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Cisco Small Business Rv Series Router Firmware

CVE-2023-20128

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying op…

EPSS: 0.033 (87.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.2 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

Affected products

Cisco Small Business Rv Series Router Firmware — versions n/a

Weakness classification (CWE)

CWE-146

Public proof-of-concept exploits

winmt/winmt

References

20230405 Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers Command Injection Vulnerabilities (vendor-advisory)

Frequently asked questions

What is CVE-2023-20128?: CVE-2023-20128 is a high-severity vulnerability in Cisco Small Business Rv Series Router Firmware, classified under CWE-146. CVSS score: 7.2/10. Published 2023-04-05.
How severe is CVE-2023-20128?: High severity. CVSS v3 base score is 7.2 out of 10.
Is CVE-2023-20128 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.