CVE DATABASE / CVE-2022-20708
CVE-2022-20708
Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability
Confirmed exploited in the wild. Added 2022-03-03.
Federal remediation due 2022-03-17.
Required action: Apply updates per vendor instructions.
Summary
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory.
CVSS 3.1 breakdown
| Base score | 10 (CRITICAL) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| Attack vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | NONE |
| Scope | CHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
Weakness type (CWE)
Affected products
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D
- https://www.zerodayinitiative.com/advisories/ZDI-22-417/
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-20708
Data: NIST NVD + CISA KEV. NVD last modified 2025-10-28. Always verify against the vendor advisory before acting.