漏洞标题
Cisco RV340、 RV340W、 RV345 和 RV345P 双WAN Gigabit VPN路由器的 arbitrary file upload 漏洞
漏洞描述信息
思科RV340、RV340W、RV345和RV345P双WAN千兆位VPN路由器任意文件上传漏洞
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
漏洞类别
N/A
漏洞标题
Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Arbitrary File Upload Vulnerability
漏洞描述信息
A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device.
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
漏洞类别
危险类型文件的不加限制上传
漏洞标题
Cisco Small Business RV340 代码问题漏洞
漏洞描述信息
Cisco Small Business RV340是美国思科(Cisco)公司的一个路由器。连接两个或多个网络的硬件设备,在网络间起网关的作用。 Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers存在安全漏洞,该漏洞源于文件上传上下文中的授权执行机制不足,攻击者利用该漏洞可以将任意文件上传到受影响的设备。
CVSS信息
N/A
漏洞类别
代码问题