Cisco Discloses Several Flaws in its Small Business RV Series Routers

On February 2, Cisco disclosed 15 vulnerabilities across its Small Business RV Series routers:

• CVE-2022-20699
• CVE-2022-20700
• CVE-2022-20701
• CVE-2022-20702
• CVE-2022-20703
• CVE-2022-20704
• CVE-2022-20705
• CVE-2022-20706
• CVE-2022-20707
• CVE-2022-20708
• CVE-2022-20749
• CVE-2022-20709
• CVE-2022-20710
• CVE-2022-20711
• CVE-2022-20712

The following routers are impacted by these flaws:

• RV160 VPN Routers
• RV160W Wireless-AC VPN Routers
• RV260 VPN Routers
• RV260P VPN Routers with PoE
• RV260W Wireless-AC VPN Routers
• RV340 Dual WAN Gigabit VPN Routers
• RV340W Dual WAN Gigabit Wireless-AC VPN Routers
• RV345 Dual WAN Gigabit VPN Routers
• RV345P Dual WAN Gigabit POE VPN Routers

Three of the 15 flaws were assigned a perfect CVSSv3 score of 10.0:

• CVE-2022-20699
• CVE-2022-20700
• CVE-2022-20708 

For more information about these vulnerabilities, including the availability of patches and Tenable product coverage, please visit our blog.