Security News > 2021 > January > Over 70 Vulnerabilities Will Remain Unpatched in EOL Cisco Routers
Cisco this week announced that it does not plan on addressing tens of vulnerabilities affecting some of its small business routers.
"Cisco has not released and will not release software updates to address the vulnerabilities described []. The Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers have entered the end-of-life process. Customers are advised to refer to the end-of-life notices for these products," the company underlines.
Eight other vulnerabilities that remain unpatched in the same small business router series have been assessed as medium severity.
"An attacker could exploit this vulnerability by inserting a configuration file in a specific path in the system which, in turn, causes a malicious DLL file to be loaded when the application starts. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges," Cisco explains.
Three medium-severity vulnerabilities related to the Snort detection engine were found to impact a broad range of Cisco products, including Integrated Services Routers, Cloud Services Router 1000V, Firepower Threat Defense, Integrated Services Virtual Router, and several Meraki product series.
Details on these vulnerabilities can be found in the advisories Cisco published on its security portal.