On April 7th, Cisco released a security advisory announcing the discovery of a vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers that could allow for an unauthenticated, remote attacker to execute arbitrary and potentially malicious code on affected devices.

This vulnerability is being caused by improper validation of user-supplied input in the web-based management interface. A malicious threat actor could exploit this vulnerability by sending specially designed HTTP requests to a targeted device. A successful exploit would allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device.

At this time, Cisco has not released software updates that will address this vulnerability. There are also no known workarounds that address this vulnerability.

< Back to Tag
Mar 22, 2022

RCE Vulnerability found in Cisco Small Business RV Series routers

On April 7th, Cisco released a security advisory announcing the discovery of a vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers that could allow for an unauthenticated, remote attacker to execute arbitrary and potentially malicious code on affected devices. This vulnerability is being caused by improper validation of user-supplied input in the web-based management interface. A malicious threat actor could exploit this vulnerability by sending specially designed HTTP requests to a targeted device. A successful exploit would allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device. At this time, Cisco has not released software updates that will address this vulnerability. There are also no known workarounds that address this vulnerability. The full text of this advisory is available here.

Scope of this Vulnerability

The scope of this vulnerability is limited to the affected routers listed below. This vulnerability affects the following Cisco Small Business RV Series Routers: ●     RV110W Wireless-N VPN Firewall ●     RV130 VPN Router ●     RV130W Wireless-N Multifunction VPN Router ●     RV215W Wireless-N VPN Router ●     Determine the Device Configuration The web-based management interface of these devices is available through a local LAN connection, which cannot be disabled, or through the WAN connection if the remote management feature is enabled. By default, the remote management feature is disabled on these devices. To determine whether the remote management feature is enabled on a device, open the web-based management interface and choose Basic Settings > Remote Management. If the Enable check box is checked, remote management is enabled on the device.
unsplash

Affected Customers Are Recommended to Migrate to Cisco Small Business RV132W, RV160, or RV160W Routers

Cisco is not planning to release software updates to address the vulnerabilities described above. Affected customers are recommended to begin the migration process to Cisco Small Business RV132W, RV160, or RV160W Routers.  The affected Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers have reached the end of their product life cycle and are being phased out.
Cybersecurity Legal and Compliance Focus: State of Ransomware Historic White Hat Hacking Bounties and the Benefits of White Hat Hacking