
Cisco End-of-Life Small Business Routers Multiple Vulnerabilities

Release Date: 12 Jan 2023

RISK: Extremely High Risk

TYPE: Security software and application - Security Software & Appliance


Multiple vulnerabilities were identified in Cisco's End-of-Life Small Business Routers. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution and security restriction bypass on the targeted system.



Proof of Concept exploit code is publicly available for CVE-2023-20025 and CVE-2023-20026.


Please note that the mentioned router devices are End-of-Life products. Cisco has provided a workaround, and no patch is currently available for CVE-2023-20025 and CVE-2023-20026.


HKCERT advises users to replace end-of-life products with a vendor-supported product model.


  • Remote Code Execution
  • Security Restriction Bypass

System / Technologies affected

  • Cisco RV016 Multi-WAN VPN Routers
  • Cisco RV042 Dual WAN VPN Routers
  • Cisco RV042G Dual Gigabit WAN VPN Routers
  • Cisco RV082 Dual WAN VPN Routers


Please refer to the link below for details:


Please visit the vendor website for more details.


Apply workarounds issued by the vendor:



Reduce exposure to attacks by applying the following workarounds:


  1. Disable Remote Management
  2. Block Access to Ports 443 and 60443
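
One way to confirm the workaround took effect, as an added example that is not part of the original advisory or Cisco's guidance: a TCP connect check of the two ports named above, run from the WAN side against your own router's address. The function names and the command-line argument are assumptions made for this example.

```python
import socket
import sys

# Ports the advisory's workaround says to block.
MGMT_PORTS = (443, 60443)


def port_state(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'closed' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # handshake completed: still reachable
    except ConnectionRefusedError:
        return "closed"            # RST: rejected or nothing listening
    except OSError:
        return "filtered"          # timeout/unreachable: typical of a drop rule


def audit(host, ports=MGMT_PORTS, timeout=3.0):
    """Probe each port; the workaround holds only if none is open."""
    states = {port: port_state(host, port, timeout) for port in ports}
    effective = all(state != "open" for state in states.values())
    return {"host": host, "states": states, "workaround_effective": effective}


if __name__ == "__main__":
    if len(sys.argv) != 2:
        print("usage: check_ports.py <router-wan-address>")
    else:
        result = audit(sys.argv[1])
        for port, state in result["states"].items():
            print(f"{result['host']}:{port} {state}")
        print("workaround effective:", result["workaround_effective"])
        sys.exit(0 if result["workaround_effective"] else 1)
```

Both "closed" and "filtered" mean the port no longer accepts connections from that vantage point; only "open" indicates the management interface is still exposed.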

Vulnerability Identifier


Related Link