A vulnerability in the session management functionality of the web-based interface for Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to hijack a valid user session on an affected system. An attacker could use this impersonated session to create a new user account or otherwise control the device with the privileges of the hijacked session.
The vulnerability is due to a lack of proper session management controls. An attacker could exploit this vulnerability by sending a crafted HTTP request to a targeted device.