Security News > 2021 > February > Cisco reveals critical bug in small biz VPN routers when half the world is stuck working at home
Cisco has addressed a clutch of critical vulnerabilities in its small business and VPN routers that can be exploited by an unauthenticated, remote attacker to execute arbitrary code as the root user.
Some of the affected devices are also Wi-Fi routers, so could well be in everyday use.
Cisco Small Business VPN routers RV160, RV160W, RV260, RV260P, and RV260W are vulnerable to exploitation if they are running firmware prior to release 1.0.01.02.
RV0XX devices with firmware version 4.2.3.14 or earlier need the fix, as do RV32X devices running 1.5.1.11 and earlier.
Small businesses - especially those without IT staff or contractors - are notoriously bad at managing devices.
Tell your friends in small business to check if they've deployed these devices.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/02/05/cisco_critical_rv_vpn_router_bugs/
Related news
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) (source)
- Cisco scores a perfect CVSS 10 with critical flaw in its wireless system (source)
- D-Link urges users to retire VPN routers impacted by unfixed RCE flaw (source)
- D-Link tells users to trash old VPN routers over bug too dangerous to identify (source)
- QNAP addresses critical flaws across NAS, router software (source)
- Hackers exploit critical bug in Array Networks SSL VPN products (source)
- Over 25,000 SonicWall VPN Firewalls exposed to critical flaws (source)