Cisco Informs It Won T Set Zero Day Rce In End Of Life Vpn Routers
Cisco suggests end-of-life small business RV routers owners to upgrade new models after revealing remote code execution vulnerability that will not be patched. However, the vulnerability is tracked as CVE-2022-20825 and has a CVSS severity rating of 9.8 out of 10.0. According to a Cisco security advisory, the defect exists because of insufficient user input validation of incoming HTTP packets on the impacted devices. However, an attacker can defeat it by sending specially crafted requests to the web-based management interface resulting in command execution with root-level privileges....