Security News > 2021 > February > Cisco reveals critical bug in small biz VPN routers when half the world is stuck working at home
Cisco has addressed a clutch of critical vulnerabilities in its small business and VPN routers that can be exploited by an unauthenticated, remote attacker to execute arbitrary code as the root user.
Some of the affected devices are also Wi-Fi routers, so could well be in everyday use.
Cisco Small Business VPN routers RV160, RV160W, RV260, RV260P, and RV260W are vulnerable to exploitation if they are running firmware prior to release 1.0.01.02.
RV0XX devices with firmware version 4.2.3.14 or earlier need the fix, as do RV32X devices running 1.5.1.11 and earlier.
Small businesses - especially those without IT staff or contractors - are notoriously bad at managing devices.
Tell your friends in small business to check if they've deployed these devices.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/02/05/cisco_critical_rv_vpn_router_bugs/
Related news
- Cisco warns of critical RCE zero-days in end of life IP phones (source)
- Critical flaw in Zyxel’s secure routers allows OS command execution via cookie (CVE-2024-7261) (source)
- Zyxel warns of critical OS command injection flaw in routers (source)
- Zyxel Patches Critical OS Command Injection Flaw in Access Points and Routers (source)
- Cisco Fixes Two Critical Flaws in Smart Licensing Utility to Prevent Remote Attacks (source)
- Quad7 botnet targets more SOHO and VPN routers, media servers (source)
- Quad7 Botnet Expands to Target SOHO Routers and VPN Appliances (source)
- D-Link fixes critical RCE, hardcoded password flaws in WiFi 6 routers (source)