Critical vulnerability(ies) in Cisco Small Business RV Series Routers

A vulnerability in the SSL VPN module of Cisco Small Business RV Series routers could allow an unauthenticated, external attacker to execute arbitrary code on an affected device.

Critical vulnerability(ies) in Cisco Small Business RV Series Routers

CVE ID: CVE-2022-20699

A vulnerability in the SSL VPN module of Cisco Small Business RV Series routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device.

This vulnerability is due to inadequate boundary checks in the processing of certain HTTP requests. An attacker could take advantage of this vulnerability by sending malicious HTTP requests to the affected device acting as an SSL VPN gateway. A successful exploit could allow the attacker to remotely execute code with root privileges on the affected device.

Affected products

  • RV340 Dual WAN Gigabit VPN Router

  • RV340W Dual WAN Gigabit Wireless AC VPN Router

  • RV345 Dual WAN Gigabit VPN Router

  • RV345P Dual WAN Gigabit POE VPN Router

Cisco Product

Vulnerable Release

Fixed Release

RV160 and RV260 Series Routers

1.0.01.05 and earlier

1.0.01.07 (except CVE-2022-20705)

RV340 and RV345 Series Routers

1.0.03.24

1.0.03.26

Also, there are other critical vulnerabilities (see Other vulnerabilities) that are (partially) fixed by the software patch (see Cisco Security Advisory).

Our recommendation

We strongly recommend updating the affected Cisco products to the latest version, as there are already proof of concept exploits that make it easier for inexperienced attackers to exploit this vulnerability(ies). For those products that do not yet have an update, no workaround exists either. However, updates will follow in the course of the month. Until there are, we recommend disabling the SSL VPN gateway. We are already in the process of integrating these vulnerabilities into our scan engines.

Other vulnerabilities

There are other vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 series routers that could allow an attacker to perform any of the following:

  • Execute arbitrary code

  • Elevate privileges

  • Execute arbitrary commands

  • Bypass authentication and authorization protections

  • Fetch and run unsigned software

  • Cause denial of service (DoS)

More information on these vulnerabilities and updates on software patches can be read here.

Bernhard Schildendorfer

February 7, 2022

Category

Guide

Might be also Interesting

Guide

NIS2 in Practice: What Managed Service Providers Need to Know Now

The NIS2 Directive places new demands on companies throughout Europe and simultaneously raises expectations of their IT service providers. In addition to technical measures, the focus is shifting to transparency and verifiability. This article shows what this means in concrete terms and how the requirements can be implemented in practice.

April 20, 2026

Guide

Lywand vs. RMM – Differences & Why the Combination is Essential

RMM tools are indispensable when it comes to ensuring stable and efficient IT operations. However, when it comes to IT security, they quickly reach their limits. Find out why a vulnerability management system is the ideal addition—and how MSPs can use it to strengthen their services in the long term.

September 10, 2025

Guide

Patch management under control? The reality often shows something different.

How a security audit uncovered unexpected weaknesses in patch management - and was the start of a sustainable security strategy.

April 29, 2025