Cisco has corrected a number of significant security flaws in its RV Series routers that could be used to elevate privileges and run arbitrary code on affected systems, as well as warning of the existence of proof-of-concept (PoC) attack code targeting some of these defects.
Three of the 15 issues, CVE-2022-20699, CVE-2022-20700, and CVE-2022-20707, have a CVSS rating of 10.0 and affect the company’s Small Business RV160, RV260, RV340, and RV345 Series routers.