Security News > 2021 > February > Cisco reveals critical bug in small biz VPN routers when half the world is stuck working at home
Cisco has addressed a clutch of critical vulnerabilities in its small business and VPN routers that can be exploited by an unauthenticated, remote attacker to execute arbitrary code as the root user.
Some of the affected devices are also Wi-Fi routers, so could well be in everyday use.
Cisco Small Business VPN routers RV160, RV160W, RV260, RV260P, and RV260W are vulnerable to exploitation if they are running firmware prior to release 1.0.01.02.
RV0XX devices with firmware version 4.2.3.14 or earlier need the fix, as do RV32X devices running 1.5.1.11 and earlier.
Small businesses - especially those without IT staff or contractors - are notoriously bad at managing devices.
Tell your friends in small business to check if they've deployed these devices.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/02/05/cisco_critical_rv_vpn_router_bugs/
Related news
- Cisco IOS XR vulnerability lets attackers crash BGP on routers (source)
- Critical Cisco Smart Licensing Utility flaws now exploited in attacks (source)
- Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility (source)
- ASUS warns of critical auth bypass flaw in routers using AiCloud (source)
- ASUS Confirms Critical Flaw in AiCloud Routers; Users Urged to Update Firmware (source)