Multiple end-of-life (EoL) VPN routers are affected by a critical authentication bypass issue that Cisco alerted customers about today. Hou Liuyang of Qihoo 360 Netlab discovered the security weakness (CVE-2023-20025) in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, and RV082 routers.
It results from incorrect user input validation in incoming HTTP packets. It can be remotely exploited by unauthenticated attackers by sending a specially crafted HTTP request to the web-based management interface of susceptible routers.