CVE-2024-20393
📋 TL;DR
This vulnerability in Cisco Small Business VPN routers allows authenticated remote attackers to escalate privileges from guest to admin by exploiting information disclosure in the web management interface. It affects RV340, RV340W, RV345, and RV345P routers with web management enabled. Attackers can gain full administrative control over affected devices.
💻 Affected Systems
- Cisco RV340
- Cisco RV340W
- Cisco RV345
- Cisco RV345P
📦 What is this software?
Rv340 Dual Wan Gigabit Vpn Router Firmware by Cisco
View all CVEs affecting Rv340 Dual Wan Gigabit Vpn Router Firmware →
Rv340 Dual Wan Gigabit Vpn Router Firmware by Cisco
View all CVEs affecting Rv340 Dual Wan Gigabit Vpn Router Firmware →
Rv340 Dual Wan Gigabit Vpn Router Firmware by Cisco
View all CVEs affecting Rv340 Dual Wan Gigabit Vpn Router Firmware →
Rv340 Dual Wan Gigabit Vpn Router Firmware by Cisco
View all CVEs affecting Rv340 Dual Wan Gigabit Vpn Router Firmware →
Rv340 Dual Wan Gigabit Vpn Router Firmware by Cisco
View all CVEs affecting Rv340 Dual Wan Gigabit Vpn Router Firmware →
Rv340 Dual Wan Gigabit Vpn Router Firmware by Cisco
View all CVEs affecting Rv340 Dual Wan Gigabit Vpn Router Firmware →
Rv340 Dual Wan Gigabit Vpn Router Firmware by Cisco
View all CVEs affecting Rv340 Dual Wan Gigabit Vpn Router Firmware →
Rv340 Dual Wan Gigabit Vpn Router Firmware by Cisco
View all CVEs affecting Rv340 Dual Wan Gigabit Vpn Router Firmware →
Rv340 Dual Wan Gigabit Vpn Router Firmware by Cisco
View all CVEs affecting Rv340 Dual Wan Gigabit Vpn Router Firmware →
Rv340 Dual Wan Gigabit Vpn Router Firmware by Cisco
View all CVEs affecting Rv340 Dual Wan Gigabit Vpn Router Firmware →
Rv340 Dual Wan Gigabit Vpn Router Firmware by Cisco
View all CVEs affecting Rv340 Dual Wan Gigabit Vpn Router Firmware →
Rv340 Dual Wan Gigabit Vpn Router Firmware by Cisco
View all CVEs affecting Rv340 Dual Wan Gigabit Vpn Router Firmware →
Rv340 Dual Wan Gigabit Vpn Router Firmware by Cisco
View all CVEs affecting Rv340 Dual Wan Gigabit Vpn Router Firmware →
Rv340 Dual Wan Gigabit Vpn Router Firmware by Cisco
View all CVEs affecting Rv340 Dual Wan Gigabit Vpn Router Firmware →
Rv340 Dual Wan Gigabit Vpn Router Firmware by Cisco
View all CVEs affecting Rv340 Dual Wan Gigabit Vpn Router Firmware →
Rv340 Dual Wan Gigabit Vpn Router Firmware by Cisco
View all CVEs affecting Rv340 Dual Wan Gigabit Vpn Router Firmware →
Rv340 Dual Wan Gigabit Vpn Router Firmware by Cisco
View all CVEs affecting Rv340 Dual Wan Gigabit Vpn Router Firmware →
Rv340 Dual Wan Gigabit Vpn Router Firmware by Cisco
View all CVEs affecting Rv340 Dual Wan Gigabit Vpn Router Firmware →
Rv340 Dual Wan Gigabit Vpn Router Firmware by Cisco
View all CVEs affecting Rv340 Dual Wan Gigabit Vpn Router Firmware →
Rv340 Dual Wan Gigabit Vpn Router Firmware by Cisco
View all CVEs affecting Rv340 Dual Wan Gigabit Vpn Router Firmware →
Rv340w Dual Wan Gigabit Wireless Ac Vpn Router Firmware by Cisco
View all CVEs affecting Rv340w Dual Wan Gigabit Wireless Ac Vpn Router Firmware →
Rv340w Dual Wan Gigabit Wireless Ac Vpn Router Firmware by Cisco
View all CVEs affecting Rv340w Dual Wan Gigabit Wireless Ac Vpn Router Firmware →
Rv340w Dual Wan Gigabit Wireless Ac Vpn Router Firmware by Cisco
View all CVEs affecting Rv340w Dual Wan Gigabit Wireless Ac Vpn Router Firmware →
Rv340w Dual Wan Gigabit Wireless Ac Vpn Router Firmware by Cisco
View all CVEs affecting Rv340w Dual Wan Gigabit Wireless Ac Vpn Router Firmware →
Rv340w Dual Wan Gigabit Wireless Ac Vpn Router Firmware by Cisco
View all CVEs affecting Rv340w Dual Wan Gigabit Wireless Ac Vpn Router Firmware →
Rv340w Dual Wan Gigabit Wireless Ac Vpn Router Firmware by Cisco
View all CVEs affecting Rv340w Dual Wan Gigabit Wireless Ac Vpn Router Firmware →
Rv340w Dual Wan Gigabit Wireless Ac Vpn Router Firmware by Cisco
View all CVEs affecting Rv340w Dual Wan Gigabit Wireless Ac Vpn Router Firmware →
Rv340w Dual Wan Gigabit Wireless Ac Vpn Router Firmware by Cisco
View all CVEs affecting Rv340w Dual Wan Gigabit Wireless Ac Vpn Router Firmware →
Rv340w Dual Wan Gigabit Wireless Ac Vpn Router Firmware by Cisco
View all CVEs affecting Rv340w Dual Wan Gigabit Wireless Ac Vpn Router Firmware →
Rv340w Dual Wan Gigabit Wireless Ac Vpn Router Firmware by Cisco
View all CVEs affecting Rv340w Dual Wan Gigabit Wireless Ac Vpn Router Firmware →
Rv340w Dual Wan Gigabit Wireless Ac Vpn Router Firmware by Cisco
View all CVEs affecting Rv340w Dual Wan Gigabit Wireless Ac Vpn Router Firmware →
Rv340w Dual Wan Gigabit Wireless Ac Vpn Router Firmware by Cisco
View all CVEs affecting Rv340w Dual Wan Gigabit Wireless Ac Vpn Router Firmware →
Rv340w Dual Wan Gigabit Wireless Ac Vpn Router Firmware by Cisco
View all CVEs affecting Rv340w Dual Wan Gigabit Wireless Ac Vpn Router Firmware →
Rv340w Dual Wan Gigabit Wireless Ac Vpn Router Firmware by Cisco
View all CVEs affecting Rv340w Dual Wan Gigabit Wireless Ac Vpn Router Firmware →
Rv340w Dual Wan Gigabit Wireless Ac Vpn Router Firmware by Cisco
View all CVEs affecting Rv340w Dual Wan Gigabit Wireless Ac Vpn Router Firmware →
Rv340w Dual Wan Gigabit Wireless Ac Vpn Router Firmware by Cisco
View all CVEs affecting Rv340w Dual Wan Gigabit Wireless Ac Vpn Router Firmware →
Rv340w Dual Wan Gigabit Wireless Ac Vpn Router Firmware by Cisco
View all CVEs affecting Rv340w Dual Wan Gigabit Wireless Ac Vpn Router Firmware →
Rv340w Dual Wan Gigabit Wireless Ac Vpn Router Firmware by Cisco
View all CVEs affecting Rv340w Dual Wan Gigabit Wireless Ac Vpn Router Firmware →
Rv340w Dual Wan Gigabit Wireless Ac Vpn Router Firmware by Cisco
View all CVEs affecting Rv340w Dual Wan Gigabit Wireless Ac Vpn Router Firmware →
Rv340w Dual Wan Gigabit Wireless Ac Vpn Router Firmware by Cisco
View all CVEs affecting Rv340w Dual Wan Gigabit Wireless Ac Vpn Router Firmware →
Rv345 Dual Wan Gigabit Vpn Router Firmware by Cisco
View all CVEs affecting Rv345 Dual Wan Gigabit Vpn Router Firmware →
Rv345 Dual Wan Gigabit Vpn Router Firmware by Cisco
View all CVEs affecting Rv345 Dual Wan Gigabit Vpn Router Firmware →
Rv345 Dual Wan Gigabit Vpn Router Firmware by Cisco
View all CVEs affecting Rv345 Dual Wan Gigabit Vpn Router Firmware →
Rv345 Dual Wan Gigabit Vpn Router Firmware by Cisco
View all CVEs affecting Rv345 Dual Wan Gigabit Vpn Router Firmware →
Rv345 Dual Wan Gigabit Vpn Router Firmware by Cisco
View all CVEs affecting Rv345 Dual Wan Gigabit Vpn Router Firmware →
Rv345 Dual Wan Gigabit Vpn Router Firmware by Cisco
View all CVEs affecting Rv345 Dual Wan Gigabit Vpn Router Firmware →
Rv345 Dual Wan Gigabit Vpn Router Firmware by Cisco
View all CVEs affecting Rv345 Dual Wan Gigabit Vpn Router Firmware →
Rv345 Dual Wan Gigabit Vpn Router Firmware by Cisco
View all CVEs affecting Rv345 Dual Wan Gigabit Vpn Router Firmware →
Rv345 Dual Wan Gigabit Vpn Router Firmware by Cisco
View all CVEs affecting Rv345 Dual Wan Gigabit Vpn Router Firmware →
Rv345 Dual Wan Gigabit Vpn Router Firmware by Cisco
View all CVEs affecting Rv345 Dual Wan Gigabit Vpn Router Firmware →
Rv345 Dual Wan Gigabit Vpn Router Firmware by Cisco
View all CVEs affecting Rv345 Dual Wan Gigabit Vpn Router Firmware →
Rv345 Dual Wan Gigabit Vpn Router Firmware by Cisco
View all CVEs affecting Rv345 Dual Wan Gigabit Vpn Router Firmware →
Rv345 Dual Wan Gigabit Vpn Router Firmware by Cisco
View all CVEs affecting Rv345 Dual Wan Gigabit Vpn Router Firmware →
Rv345 Dual Wan Gigabit Vpn Router Firmware by Cisco
View all CVEs affecting Rv345 Dual Wan Gigabit Vpn Router Firmware →
Rv345 Dual Wan Gigabit Vpn Router Firmware by Cisco
View all CVEs affecting Rv345 Dual Wan Gigabit Vpn Router Firmware →
Rv345 Dual Wan Gigabit Vpn Router Firmware by Cisco
View all CVEs affecting Rv345 Dual Wan Gigabit Vpn Router Firmware →
Rv345 Dual Wan Gigabit Vpn Router Firmware by Cisco
View all CVEs affecting Rv345 Dual Wan Gigabit Vpn Router Firmware →
Rv345 Dual Wan Gigabit Vpn Router Firmware by Cisco
View all CVEs affecting Rv345 Dual Wan Gigabit Vpn Router Firmware →
Rv345 Dual Wan Gigabit Vpn Router Firmware by Cisco
View all CVEs affecting Rv345 Dual Wan Gigabit Vpn Router Firmware →
Rv345 Dual Wan Gigabit Vpn Router Firmware by Cisco
View all CVEs affecting Rv345 Dual Wan Gigabit Vpn Router Firmware →
Rv345p Dual Wan Gigabit Poe Vpn Router Firmware by Cisco
View all CVEs affecting Rv345p Dual Wan Gigabit Poe Vpn Router Firmware →
Rv345p Dual Wan Gigabit Poe Vpn Router Firmware by Cisco
View all CVEs affecting Rv345p Dual Wan Gigabit Poe Vpn Router Firmware →
Rv345p Dual Wan Gigabit Poe Vpn Router Firmware by Cisco
View all CVEs affecting Rv345p Dual Wan Gigabit Poe Vpn Router Firmware →
Rv345p Dual Wan Gigabit Poe Vpn Router Firmware by Cisco
View all CVEs affecting Rv345p Dual Wan Gigabit Poe Vpn Router Firmware →
Rv345p Dual Wan Gigabit Poe Vpn Router Firmware by Cisco
View all CVEs affecting Rv345p Dual Wan Gigabit Poe Vpn Router Firmware →
Rv345p Dual Wan Gigabit Poe Vpn Router Firmware by Cisco
View all CVEs affecting Rv345p Dual Wan Gigabit Poe Vpn Router Firmware →
Rv345p Dual Wan Gigabit Poe Vpn Router Firmware by Cisco
View all CVEs affecting Rv345p Dual Wan Gigabit Poe Vpn Router Firmware →
Rv345p Dual Wan Gigabit Poe Vpn Router Firmware by Cisco
View all CVEs affecting Rv345p Dual Wan Gigabit Poe Vpn Router Firmware →
Rv345p Dual Wan Gigabit Poe Vpn Router Firmware by Cisco
View all CVEs affecting Rv345p Dual Wan Gigabit Poe Vpn Router Firmware →
Rv345p Dual Wan Gigabit Poe Vpn Router Firmware by Cisco
View all CVEs affecting Rv345p Dual Wan Gigabit Poe Vpn Router Firmware →
Rv345p Dual Wan Gigabit Poe Vpn Router Firmware by Cisco
View all CVEs affecting Rv345p Dual Wan Gigabit Poe Vpn Router Firmware →
Rv345p Dual Wan Gigabit Poe Vpn Router Firmware by Cisco
View all CVEs affecting Rv345p Dual Wan Gigabit Poe Vpn Router Firmware →
Rv345p Dual Wan Gigabit Poe Vpn Router Firmware by Cisco
View all CVEs affecting Rv345p Dual Wan Gigabit Poe Vpn Router Firmware →
Rv345p Dual Wan Gigabit Poe Vpn Router Firmware by Cisco
View all CVEs affecting Rv345p Dual Wan Gigabit Poe Vpn Router Firmware →
Rv345p Dual Wan Gigabit Poe Vpn Router Firmware by Cisco
View all CVEs affecting Rv345p Dual Wan Gigabit Poe Vpn Router Firmware →
Rv345p Dual Wan Gigabit Poe Vpn Router Firmware by Cisco
View all CVEs affecting Rv345p Dual Wan Gigabit Poe Vpn Router Firmware →
Rv345p Dual Wan Gigabit Poe Vpn Router Firmware by Cisco
View all CVEs affecting Rv345p Dual Wan Gigabit Poe Vpn Router Firmware →
Rv345p Dual Wan Gigabit Poe Vpn Router Firmware by Cisco
View all CVEs affecting Rv345p Dual Wan Gigabit Poe Vpn Router Firmware →
⚠️ Risk & Real-World Impact
Worst Case
Full administrative takeover of the router, enabling traffic interception, network reconfiguration, credential harvesting, and potential lateral movement into connected networks.
Likely Case
Privilege escalation from guest to admin, allowing attackers to modify router settings, create VPN tunnels, disable security features, and potentially install persistent backdoors.
If Mitigated
Limited impact if guest accounts are disabled, web management is restricted to internal networks only, and strong authentication is enforced.
🎯 Exploit Status
Exploitation requires authenticated access (guest account) and involves sending crafted HTTP requests to the web interface.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Cisco advisory for specific fixed versions per model
Vendor Advisory: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv34x-privesc-rce-qE33TCms
Restart Required: Yes
Instructions:
1. Log into router web interface as admin. 2. Navigate to Administration > Firmware Upgrade. 3. Download latest firmware from Cisco support site. 4. Upload and install firmware. 5. Reboot router after installation completes.
🔧 Temporary Workarounds
Disable Guest Accounts
allRemove or disable all guest accounts to prevent authenticated access required for exploitation
Navigate to Administration > User Accounts in web interface and disable/delete guest accounts
Restrict Web Management Access
allLimit web interface access to trusted internal IP addresses only
Configure firewall rules to restrict access to router management IP/port from specific source IPs
🧯 If You Can't Patch
- Disable all guest accounts and use only admin accounts with strong passwords
- Restrict web management interface to internal network only using firewall rules
🔍 How to Verify
Check if Vulnerable:
Check firmware version in web interface under Administration > Firmware Upgrade and compare with Cisco advisoryCheck Version:
Log into web interface and navigate to Administration > Firmware Upgrade to view current versionVerify Fix Applied:
Verify firmware version matches or exceeds fixed version listed in Cisco advisory📡 Detection & Monitoring
Log Indicators:
- Multiple failed authentication attempts followed by successful guest login
- Unusual privilege escalation events in system logs
- Configuration changes from non-admin accounts
Network Indicators:
- HTTP requests to management interface with crafted parameters
- Traffic patterns suggesting privilege escalation attempts
SIEM Query:
source="router_logs" AND (event_type="authentication" AND user="guest" AND result="success") OR (event_type="privilege_change" AND from_level="guest" AND to_level="admin")