Security Vulnerabilities - CVEs Published In April 2023
CVE-2023-20118
Known exploited
A vulnerability in the web-based management interface of Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to gain root-level privileges and access unauthorized data. To exploit this vulnerability, an attacker would need to have valid administrative credentials on the affected device. Cisco has not and will not release software updates that address this vulnerability. However, administrators may disable the affected feature as described in the Workarounds section.
CVSS Score
6.5
EPSS Score
0.021
Published
2023-04-13
Memory Corruption in Multimedia Framework due to integer overflow when synx bind is called along with synx signal.
CVSS Score
8.4
EPSS Score
0.001
Published
2023-04-13
Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.
CVSS Score
8.4
EPSS Score
0.001
Published
2023-04-13
Memory corruption due to use after free in Modem while modem initialization.
CVSS Score
6.7
EPSS Score
0.0
Published
2023-04-13
Memory corruption due to incorrect type conversion or cast in audio while using audio playback/capture when crafted address is sent from AGM IPC to AGM.
CVSS Score
6.7
EPSS Score
0.0
Published
2023-04-13
Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length.
CVSS Score
6.8
EPSS Score
0.0
Published
2023-04-13
Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.
CVSS Score
8.2
EPSS Score
0.001
Published
2023-04-13
Transient DOS in Modem due to NULL pointer dereference while receiving response of lwm2m registration/update/bootstrap request message.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-04-13
Information disclosure in Modem due to buffer over-read while parsing the wms message received given the buffer and its length.
CVSS Score
8.2
EPSS Score
0.001
Published
2023-04-13
Memory corruption due to integer overflow to buffer overflow in Modem while parsing Traffic Channel Neighbor List Update message.
CVSS Score
5.9
EPSS Score
0.0
Published
2023-04-13

