Cisco Plugs Security Hole in Small Business Routers

by | Mar 18, 2021

cisco vulnerability RV132W ADSL2+ Wireless-N VPN routers and RV134W VDSL2 Wireless-AC VPN routers

Post Views: 691

style="display:block" data-ad-client="ca-pub-6620833063853657" data-ad-slot="8337846400" data-ad-format="auto" data-full-width-responsive="true">
 
 
 

 

 

Reading Time: 1 Minute

 

The Cisco security vulnerability exists in the RV132W ADSL2+ Wireless-N VPN Routers and RV134W VDSL2 Wireless-AC VPN Routers.

 
 
 
 

 

 

A popular line of small business routers made by Cisco Systems are vulnerable to a high-severity vulnerability. If exploited, the flaw could allow a remote – albeit authenticated – attacker to execute code or restart affected devices unexpectedly.

Cisco issued fixes on Wednesday for the flaw in its RV132W ADSL2+ Wireless-N VPN routers and RV134W VDSL2 Wireless-AC VPN routers. These routers are described by Cisco as “networking-in-a-box” models that are targeted for small or home offices and smaller deployments.

The vulnerability (CVE-2021-1287) stems from an issue in the routers’ web-based management interface. It ranks 7.2 out of 10 on the CVSS scale, making it high severity.

“A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition on the affected device,” said Cisco on Wednesday.

 

 

 

The Cisco Router Vulnerability

The vulnerability stems from the routers’ web-based management interface improperly validating user-supplied input, said Cisco. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device – however, of note the attacker would need to first be authenticated to the device (which could be achieved via a phishing attack or other malicious attack, for instance).

Affected are RV132W ADSL2+ Wireless-N VPN routers running a firmware release earlier than Release 1.0.1.15 (which is fixed); and RV134W VDSL2 Wireless-AC VPN Routers running a firmware release earlier than Release 1.0.1.21 (the fixed version). Shizhi He of Wuhan University was credited with reporting the flaw.

“The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory,” said Cisco.

 

 

 

See Also: Offensive Security Tool: Skipfish

 
 
 
 

Cisco Flaws: Patches Issued This Year

 

The patch is only the latest from Cisco this year. In FebruaryCisco rolled out fixes for critical holes in its lineup of small-business VPN routers, which could be exploited by unauthenticated, remote attackers to view or tamper with data, and perform other unauthorized actions on the routers.

In 2021, Cisco also patched various vulnerabilities across its product lineup, including multiple, critical vulnerabilities in its software-defined networking for wide-area networks (SD-WAN) solutions for business users, and a high-severity flaw in its smart Wi-Fi solution for retailers that could allow a remote attacker to alter the password of any account user on affected systems.

 

 

See Also: Hacking Stories: Albert Gonzalez & the ‘Get Rich or Die Trying’ Crew who stole 130 million credit-card numbers

 

 

 

 

Source: https://threatpost.com

 

 
(Click Link)

 

 

style="display:block" data-ad-client="ca-pub-6620833063853657" data-ad-slot="8337846400" data-ad-format="auto" data-full-width-responsive="true">

Offensive Security & Ethical Hacking Course

Begin the learning curve of hacking now!

Information Security Solutions

Find out how Pentesting Services can help you.

Join our Community

Share This