CVE-2023-20118

Published Apr 13, 2023

Last updated 2 months ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2023-20118 is a vulnerability affecting the web-based management interface of several Cisco Small Business Routers, including RV016, RV042, RV042G, RV082, RV320, and RV325 models. It stems from improper validation of user input within incoming HTTP packets. An attacker with valid administrative credentials could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. Successful exploitation could allow the attacker to execute arbitrary commands on the device and gain unauthorized access to data. Cisco has stated they will not release software updates to address this vulnerability.

Description
A vulnerability in the web-based management interface of Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. This vulnerability is due to improper validation of user input within incoming HTTP packets. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface. A successful exploit could allow the attacker to gain root-level privileges and access unauthorized data. To exploit this vulnerability, an attacker would need to have valid administrative credentials on the affected device. Cisco has not and will not release software updates that address this vulnerability. However, administrators may disable the affected feature as described in the Workarounds section.
Source
psirt@cisco.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
7.2
Impact score
5.9
Exploitability score
1.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Known exploits

Data from CISA

Vulnerability name
Cisco Small Business RV Series Routers Command Injection Vulnerability
Exploit added on
Mar 3, 2025
Exploit action due
Mar 24, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

psirt@cisco.com
CWE-77
nvd@nist.gov
CWE-77

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

26

  1. 🚨 5,300 routers hijacked—not to attack, but to spy. A shadowy group dubbed ViciousTrap is turning Cisco routers across 84 countries into a massive honeypot-style network—not to attack, but to silently watch. 🔍 Exploiting CVE-2023-20118 👻 Dropping a script called Ne

    @gierek_grzegorz

    23 May 2025

    40 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  2. ViciousTrap exploits CVE-2023-20118 to turn 5,300+ Cisco devices into global honeypots, mainly in Macau, using malware NetGhost for traffic interception and web shells. Stay alert! 🌐 #Malware #Macau #Honeypot https://t.co/whx5JfOdsa

    @TweetThreatNews

    23 May 2025

    54 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2023-20118: Cisco RV router flaw exploited by ViciousTrap. 5,300+ devices hijacked across 84 countries. NetGhost script redirects traffic for silent surveillance. Patch now. #CVE2023 #Cisco #ViciousTrap #CyberSecurity #PatchNow #InfoSec https://t.co/rn5xhz1Kim

    @CloneSystemsInc

    23 May 2025

    118 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. A shadowy group dubbed ViciousTrap is turning Cisco routers across 84 countries into a massive honeypot-style network—not to attack, but to silently watch. 🔍 Exploiting CVE-2023-20118 📷 https://t.co/5lFohYg4AQ https://t.co/wn8RkzHvPD

    @the_onion_coin

    23 May 2025

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨 5,300 routers hijacked—not to attack, but to spy. A shadowy group dubbed ViciousTrap is turning Cisco routers across 84 countries into a massive honeypot-style network—not to attack, but to silently watch. 🔍 Exploiting CVE-2023-20118 👻 Dropping a script called Ne

    @TheHackersNews

    23 May 2025

    12150 Impressions

    52 Retweets

    116 Likes

    25 Bookmarks

    0 Replies

    2 Quotes

  6. ViciousTrap has compromised 5,500+ edge devices, deploying NetGhost to redirect traffic and create massive honeypots. Targets mainly end-of-life routers using CVE-2023-20118, mainly in Malaysia. 🕵️‍♂️ #ViciousTrap #Malaysia #Honeypot https://t.co/8jkhFbdXcD

    @TweetThreatNews

    22 May 2025

    88 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  7. Actively exploited CVE : CVE-2023-20118

    @transilienceai

    11 Mar 2025

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  8. Actively exploited CVE : CVE-2023-20118

    @transilienceai

    10 Mar 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  9. Actively exploited CVE : CVE-2023-20118

    @transilienceai

    10 Mar 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  10. Actively exploited CVE : CVE-2023-20118

    @transilienceai

    9 Mar 2025

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  11. Cisco Small Business Routers Vulnerabilities (CVE-2023-20025 and CVE-2023-20026 and CVE-2023-20118) #Cisco #CiscoSmallBusinessRouter #CVE202320025 #CVE202320026 #CVE202320118 #CyberSecurity https://t.co/Bu3I1fbM1h https://t.co/tyFIYvwMOh

    @SystemTek_UK

    8 Mar 2025

    81 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Actively exploited CVE : CVE-2023-20118

    @transilienceai

    8 Mar 2025

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  13. Actively exploited CVE : CVE-2023-20118

    @transilienceai

    7 Mar 2025

    38 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  14. Cybersecurity guy here. The NIST and federal government is hiding the fact that the entire internet is comprised. Chaining exploits has created a HUGE vulnerability CVE-2018-8639, CVE-2023-20118, CVE-2023-20025… don’t believe me? Look it up @elonmusk @teameffujoe @JackPosobiec

    @erickman1979

    7 Mar 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  15. Actively exploited CVE : CVE-2023-20118

    @transilienceai

    7 Mar 2025

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  16. CISA has announced that it added five new vulnerabilities to its Known Exploited Vulnerabilities catalog. ・CVE-2023-20118 ・CVE-2022-43939 ・CVE-2022-43769 ・CVE-2018-8639 ・CVE-2024-4885 https://t.co/Exu8c4xTLv https://t.co/qxdw1Rse1y

    @t_nihonmatsu

    5 Mar 2025

    231 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  17. Actively exploited CVE : CVE-2023-20118

    @transilienceai

    5 Mar 2025

    43 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  18. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2023-20118 #Cisco Small Business RV Series Routers Command Injection Vulnerability https://t.co/OCaeTIObA4

    @ScyScan

    4 Mar 2025

    61 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. CISA has added five critical vulnerabilities to its KEV catalog, with CVE-2018-8639 and CVE-2023-20118 exploited in the wild. Concerns grow over the agency's slow response. ⚠️ #CISACatalog #WindowsExploits #USA link: https://t.co/WpuiarTsDL https://t.co/fWRD4EuwUT

    @TweetThreatNews

    4 Mar 2025

    115 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  20. ⚠️ Vulnerability Alert: Cisco and Hitachi Vulnerabilities 📅 Timeline: Disclosure: 2025-03-03, Due Date: 2025-03-24 📌 Attribution: Cisco Security Team, Hitachi Security Research, and CISA advisories 🆔 cveId: CVE-2023-20118 📊 baseScore: 7.2 📏 cvssMetrics:… https://t.co/0JRS

    @syedaquib77

    4 Mar 2025

    92 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. CISA has identified vulnerabilities CVE-2023-20118 and CVE-2018-8639 in Cisco and Windows systems as actively exploited. CVE-2023-20118 allows command execution on specific VPN routers via an authentication bypass (CVE-2023-20025). https://t.co/q4hhOQPpoN

    @securityRSS

    4 Mar 2025

    51 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  22. ⚠️ Vulnerability Alert: Cisco Small Business Router Vulnerability 📅 Timeline: Disclosure: 2023-04-13, Due Date: 2025-03-24 📌 Attribution: 🆔cveId: CVE-2023-20118 📊baseScore: 6.5 📏cvssMetrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N cvssSeverity: Medium 🟡… https://t

    @syedaquib77

    4 Mar 2025

    86 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  23. ⚠️ Vulnerability Alert: Cisco and Windows Vulnerabilities 📅 Timeline: Disclosure: 2025-03-03 🆔cveId: CVE-2023-20118, CVE-2018-8639 📊baseScore: 7.2 📏cvssMetrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H cvssSeverity: High 🟠 🛠️exploitMaturity: Actively Exploited… htt

    @syedaquib77

    4 Mar 2025

    72 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. Actively exploited CVE : CVE-2023-20118

    @transilienceai

    3 Mar 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  25. CISA has alerted US federal agencies to secure Cisco and Windows systems against actively exploited vulnerabilities. The flaws include CVE-2023-20118, allowing command execution on certain routers, and CVE-2018-8639, a Win32k elevation of privilege bug in Windows. #Security https

    @Strivehawk

    3 Mar 2025

    37 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  26. CISA alerts US federal agencies about actively exploited vulnerabilities in Cisco and Windows systems. Addressing CVE-2023-20118 & CVE-2018-8639 is crucial for security by March 23. ⚠️🇺🇸 #CISAAlert #CyberRisks #USSecurity link: https://t.co/EKe5YhvAfA https://t.co/oiCJ0mdy

    @TweetThreatNews

    3 Mar 2025

    55 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. Actively exploited CVE : CVE-2023-20118

    @transilienceai

    2 Mar 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  28. Actively exploited CVE : CVE-2023-20118

    @transilienceai

    1 Mar 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  29. Actively exploited CVE : CVE-2023-20118

    @transilienceai

    28 Feb 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  30. PolarEdge: advanced IoT botnet that exploits vulnerabilities in routers Cybersecurity, TLS attacks, botnet, cisco, CVE-2023-20118, cyber espionage, device, edge, IoT, malware, threats, PolarEdge, router https://t.co/WEJMjNOkX6 https://t.co/KPEMQhGDSu

    @matricedigitale

    28 Feb 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. 🚨 PolarEdge botnet exploits CVE-2023-20118 in Cisco routers, hijacking ASUS, QNAP, & Synology devices. Global impact with advanced evasion tactics. #CyberSecurity #IoT #Botnet #Cisco #PolarEdge #NetworkSecurity #Infosec #TruBitX https://t.co/qmqfjcTex0

    @TruBitXOfficial

    27 Feb 2025

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. A vulnerability with the identifier CVE-2023-20118, of type RCE, has been published for Cisco Small Business routers. Using this vulnerability, which is in the authentication section of the web management panel of these routers, hackers can execute commands on the router and also upload a webshell for persistence. h

    @cybernetic_cy

    27 Feb 2025

    104 Impressions

    2 Retweets

    4 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. A vulnerability with the identifier CVE-2023-20118, of type RCE, has been published for Cisco Small Business routers. A hacker can execute commands on the router and also upload a webshell for persistence. https://t.co/Poz3aKYxT1 https://t.co/kbgfj1Orxo

    @AmirHossein_sec

    26 Feb 2025

    44 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  34. Over 2,000 IoT devices globally have fallen victim to the PolarEdge botnet, exploiting a Cisco router vulnerability (CVE-2023-20118) for remote access. An alarming trend in cybercrime! 🔒🌍 #Cisco #IoTThreats #France link: https://t.co/snJbRBsa96 https://t.co/zLywMIwT1l

    @TweetThreatNews

    26 Feb 2025

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  35. 🔍 The PolarEdge botnet exposes vulnerabilities in Cisco routers, leveraging CVE-2023-20118 to execute remote commands and deploy web shells. Over 2,000 devices affected worldwide. 🌐 #Cisco #Botnet #USA link: https://t.co/BtdjAq2iK0 https://t.co/C41bRJFQSK

    @TweetThreatNews

    25 Feb 2025

    63 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

Configurations