Cisco reveals critical bug in small biz VPN routers when half the world is stuck working at home
Cisco has addressed a clutch of critical vulnerabilities in its small business and VPN routers that can be exploited by an unauthenticated, remote attacker to execute arbitrary code as the root user.
Some of the affected devices are also Wi-Fi routers, so could well be in everyday use.
Cisco Small Business VPN routers RV160, RV160W, RV260, RV260P, and RV260W are vulnerable to exploitation if they are running firmware prior to release 1.0.01.02.
RV0XX devices with firmware version 4.2.3.14 or earlier need the fix, as do RV32X devices running 1.5.1.11 and earlier.
Small businesses - especially those without IT staff or contractors - are notoriously bad at managing devices.
Tell your friends in small business to check if they've deployed these devices.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/02/05/cisco_critical_rv_vpn_router_bugs/
Related news
- DrayTek fixed critical flaws in over 700,000 exposed routers
- CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches
- Cisco fixes VPN DoS flaw discovered in password spray attacks
- New Cisco ASA and FTD features block VPN brute-force password attacks
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418)
- Cisco scores a perfect CVSS 10 with critical flaw in its wireless system
- D-Link urges users to retire VPN routers impacted by unfixed RCE flaw
- D-Link tells users to trash old VPN routers over bug too dangerous to identify