Back to KEVs

CVE-2023-20073

Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Arbitrary File Upload Vulnerability

Basic Information

CVE State
PUBLISHED
Reserved Date
October 27, 2022
Published Date
April 05, 2023
Last Updated
October 28, 2024
Vendor
Cisco
Product
Cisco Small Business RV Series Router Firmware
Description
A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device. This vulnerability is due to insufficient authorization enforcement mechanisms in the context of file uploads. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to upload arbitrary files to the affected device.
Tags
nuclei_scanner

CVSS Scores

CVSS v3.1

5.3 - MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

SSVC Information

Exploitation
none
Automatable
Yes
Technical Impact
partial

Exploit Status

Proof of Concept Available
Yes (added 2023-08-18 02:42:50 UTC) Source

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-afu-EXxwA65V

Known Exploited Vulnerability Information

Source Added Date
The Shadowserver (via CIRCL) 2025-11-09 00:00:00 UTC

Scanner Integrations

Scanner URL Date Detected
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-20073.yaml 2025-04-25 00:00:00 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

RegularITCat/CVE-2023-20073

Type: github • Created: 2023-08-18 02:42:50 UTC • Stars: 1

PoC based on https://unsafe[.]sh/go-173464.html research

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Proof of Concept Exploit Available

  • Detected by Nuclei

  • Added to KEVIntel