Cisco has advised customers to trade in old Small Business RV VPN routers for newer models, as the old ones have high-severity vulnerabilities that it won’t be patching.
As reported by BleepingComputer, the company recently discovered a vulnerability revolving around insufficient user input validation of incoming HPPT packets. By sending a “specially crafted request” to the web-based management interface of these devices, an attacker could end up with root-level privileges. Essentially, they’d be getting free access to the endpoint (opens in new tab).
Tracked as CVE-2022-20825, the flaw has a severity score of 9.8, so it’s pretty dangerous. It was found in four models: the RV110W Wireless-N VPN Firewall, the RV130 VPN Router, the RV130W Wireless-N Multifunction VPN Router, and the RV215W Wireless-N VPN Router.
End of life
These models, however, have reached end-of-life status and as such will not be patched.
A small caveat is that the web-based remote management interface on WAN connections needs to be enabled for the flaw to be exploitable, and by default, it’s not. Still, many exposed devices can be found with a quick Shodan search.
To double-check if your routers have this feature enabled, log into the web-based management interface, and head over to Basic Settings – Remote Management, and uncheck the box. Furthermore, this is the only way to mitigate the threat, and users are advised to do that before moving on to newer models. Cisco was said to be “actively supporting” models RV132W, RV160, and RV160W.
RV160, together with RV260, RV340, and RV345, recently received a patch for five vulnerabilities with a 10/10 severity rating. Among the possibilities for malicious actors exploiting these flaws are arbitrary code and command execution, elevation of privileges, running unsigned software, circumventing authentication, and assimilating the devices into a botnet for Distributed Denial of Service (DDoS) attacks.
To shield against cyberattacks of all kinds, businesses are advised to keep hardware and software up to date, run an antivirus and firewall (opens in new tab) solution, and educate employees on the dangers of phishing and ransomware.
English
Arabic
Belarusian
Bengali
Bosnian
Bulgarian
Chinese (Simplified)
Croatian
Czech
Danish
Dutch
Estonian
Filipino
Finnish
French
Georgian
German
Greek
Gujarati
Hausa
Hebrew
Hindi
Hmong
Hungarian
Igbo
Indonesian
Italian
Japanese
Javanese
Kazakh
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latvian
Lithuanian
Macedonian
Malagasy
Norwegian
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Serbian
Slovak
Slovenian
Spanish
Swedish
Thai
Turkish
Ukrainian
Vietnamese
Yoruba