Security News > 2021 > August > Cisco won’t fix zero-day RCE vulnerability in end-of-life VPN routers
In a security advisory published on Wednesday, Cisco said that a critical vulnerability in Universal Plug-and-Play service of multiple small business VPN routers will not be patched because the devices have reached end-of-life.
"The Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers have entered the end-of-life process."
According to an announcement on Cisco's website, the last day these RV Series routers were available for order was December 2, 2019.
The company asks customers who are still using these router models to migrate to newer Cisco Small Business RV132W, RV160, or RV160W Routers that still receive security updates.
The company also released a patch for another zero-day vulnerability in the Cisco AnyConnect Secure Mobility Client VPN software six months after initial disclosure, even though it was aware of publicly available proof-of-concept exploit code.
Even though Cisco did not share the reason behind the delay, a fix was likely not a priority because there was no evidence of in the wild abuse and default configurations were not vulnerable to attacks.
News URL
Related news
- Cisco IOS XR vulnerability lets attackers crash BGP on routers (source)
- Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457) (source)
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- Infoseccers criticize Veeam over critical RCE vulnerability and a failing blacklist (source)
- Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication (source)
- Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability (source)
- CISA Warns of CentreStack's Hard-Coded MachineKey Vulnerability Enabling RCE Attacks (source)
- PipeMagic Trojan Exploits Windows Zero-Day Vulnerability to Deploy Ransomware (source)