Cisco RV042 and RV042G routers suffer a zero-day vulnerability: the CVE-2020-3431. CyCognito experts: A Cross-Site Scripting (XSS) flaw gives cybercrime an easy path for taking control of a router administrator’s web configuration utility. The issue has been fixed with a patch

Cisco RV042 and RV042G routers suffer a zero-day vulnerability: the CVE-2020-3431. It has been discovered by CyCognito cyber security experts. It’s a Cross-Site Scripting (XSS) flaw, due to insufficient validation of user-supplied input by the web-based management interface of the affected software. It gives attackers an easy path for taking control of a router administrator’s web configuration utility, a position that allows them to perform all admin actions, from viewing and modifying sensitive information to taking control of the router or having the ability to move laterally and gain access to other systems, as well as the ability to phish for credentials. The researchers notified the problem to the manufacturer and then worked together with it on the issue. The company, in fact, recently released a patch that solves it.