Cisco Fixes High-Risk Vulnerabilities in Some Small Business RV Series Routers

A number of Cisco Small Business RV Series routers were found to be vulnerable to a couple of attacks, and Cisco was quick to explain what the vulnerabilities were and that patches had been issued.

Cisco confirmed that command injection and arbitrary command execution vulnerabilities were found in routers including the RV016, RV042, RV042G, RV082, RV320, and RV325. Both vulnerabilities are considered high risk, which is the main reason for issuing patches so quickly.

“A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker with administrative privileges to inject arbitrary commands into the underlying operating system,” Cisco says in the advisory. “When processed, the commands will be executed with root privileges.”

As for the arbitrary command execution vulnerability, Cisco explained that the web-based management interface could let an authenticated, remote attacker execute arbitrary commands with root privileges.

The Cisco developers also said no workaround existed for these two vulnerabilities. The only way to decrease the eventual attack surface was for admins to disable the Remote Management feature. In fact, a new router has this feature disabled by default.

Even though Cisco released new firmware updates, these are not applied automatically. Users have to install such updates themselves. Vulnerabilities in routers are not uncommon, but many remain unaddressed. One reason is the lack of automatic deployment for security patches.

About the author

Silviu STAHIE

Silviu is a seasoned writer who has followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between. He's passionate about security and the way it shapes the world, in all aspects of life. He's also a space geek, enjoying all the exciting new things the Universe has to offer.
