The Cisco security vulnerability exists in the RV132W ADSL2+ Wireless-N VPN Routers and RV134W VDSL2 Wireless-AC VPN Routers.
A popular line of small-business routers made by Cisco Systems is vulnerable to a high-severity vulnerability. If exploited, the flaw could allow a remote, albeit authenticated, attacker to execute code or restart affected devices unexpectedly.
Cisco issued fixes on Wednesday for the flaw in its RV132W ADSL2+ Wireless-N VPN routers and RV134W VDSL2 Wireless-AC VPN routers. Cisco describes these routers as “networking-in-a-box” models aimed at small or home offices and smaller deployments.
The vulnerability (CVE-2021-1287) stems from an issue in the routers’ web-based management interface. It ranks 7.2 out of 10 on the CVSS scale, making it high severity.
“A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition on the affected device,” explained Cisco on Wednesday.
The Cisco Router Vulnerability
The vulnerability stems from the routers’ web-based management interface improperly validating user-supplied input, Cisco said. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. Note, however, that the attacker would first need to be authenticated to the device (which could be accomplished by way of a phishing attack or other malicious attack, for instance).
Affected are RV132W ADSL2+ Wireless-N VPN routers running a firmware release earlier than Release 1..1.15 (which is fixed) and RV134W VDSL2 Wireless-AC VPN routers running a firmware release earlier than Release 1..1.21 (the fixed version). Shizhi He of Wuhan University was credited with reporting the flaw.
“The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory,” said Cisco.
Cisco Flaws: Patches Issued This Year
The patch is only the latest from Cisco this year. In February, Cisco rolled out fixes for critical holes in its lineup of small-business VPN routers, which could be exploited by unauthenticated, remote attackers to view or tamper with data, and perform other unauthorized actions on the routers.
In 2021, Cisco also patched various vulnerabilities across its product lineup, including multiple critical vulnerabilities in its software-defined networking for wide-area networks (SD-WAN) solutions for business users, and a high-severity flaw in its smart Wi-Fi solution for retailers that could allow a remote attacker to alter the password of any account user on affected systems.
Some parts of this article are sourced from:
threatpost.com