Security News > 2020 > July > Critical Vulnerabilities Can Be Exploited to Hack Cisco Small Business Routers
Cisco on Wednesday released security advisories to inform customers of several critical vulnerabilities that can be exploited remotely to hack small business routers and firewalls that are no longer being sold.
One of the critical flaws, which is tracked as CVE-2020-3330 and has a CVSS score of 9.8, affects Cisco Small Business RV110W Wireless-N VPN firewalls and it allows a remote and unauthenticated attacker to take full control of a device by connecting to it using a default and static password.
The third critical security hole fixed by the company this week in small business routers is CVE-2020-3144, which can be exploited to bypass authentication and execute arbitrary commands with admin privileges by sending malicious HTTP requests to the device.
Cisco also informed customers this week about the availability of patches for high-severity vulnerabilities affecting its SD-WAN solutions and some small business routers.
There is no evidence that any of these vulnerabilities has been exploited in malicious attacks and none of them appears to have been publicly disclosed before Cisco released fixes.
News URL
Related news
- DrayTek fixed critical flaws in over 700,000 exposed routers (source)
- Alert: Over 700,000 DrayTek Routers Exposed to Hacking via 14 New Vulnerabilities (source)
- Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited (source)
- CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches (source)
- Exploited: Cisco, SharePoint, Chrome vulnerabilities (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) (source)
- Cisco scores a perfect CVSS 10 with critical flaw in its wireless system (source)
- HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities (source)
- Patch Tuesday: Four Critical Vulnerabilities Paved Over (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-16 | CVE-2020-3144 | Improper Authentication vulnerability in Cisco products A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary commands with administrative commands on an affected device. | 9.8 |
| 2020-07-16 | CVE-2020-3330 | Use of Hard-coded Credentials vulnerability in Cisco Rv110W Wireless-N VPN Firewall Firmware A vulnerability in the Telnet service of Cisco Small Business RV110W Wireless-N VPN Firewall Routers could allow an unauthenticated, remote attacker to take full control of the device with a high-privileged account. | 9.8 |