Security News > 2021 > August > Critical Flaw Found in Older Cisco Small Business Routers Won't Be Fixed
A critical vulnerability in Cisco Small Business Routers will not be patched by the networking equipment giant, since the devices reached end-of-life in 2019.
"The Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers have entered the end-of-life process. Customers are encouraged to migrate to the Cisco Small Business RV132W, RV160, or RV160W Routers."
"All too often, after a system or service is replaced, the legacy system or service is left running 'just in case' it is needed again. The problem lies in the fact that - like in the case of this vulnerability in the Universal Plug-and-Play service - the legacy system or service is usually not kept up to date with security updates or configurations," said Dean Ferrando, systems engineer manager at Tripwire.
CVE-2021-34730 marks the second time the company has followed the approach of not releasing fixes for end-of-life routers since the start of the year.
Earlier this April, Cisco urged users to upgrade their routers as a countermeasure to resolve a critical remote code execution bug affecting RV110W VPN firewall and Small Business RV130, RV130W, and RV215W routers.
Cisco has also issued an alert for a critical BadAlloc flaw impacting BlackBerry QNX Real-Time Operating System that came to light earlier this week, stating that the company is "Investigating its product line to determine which products and services may be affected by this vulnerability."
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/OyKJHymfsVE/critical-flaw-found-in-older-cisco.html
Related news
- CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches (source)
- Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems (source)
- Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418) (source)
- Cisco scores a perfect CVSS 10 with critical flaw in its wireless system (source)
- QNAP addresses critical flaws across NAS, router software (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-18 | CVE-2021-34730 | Out-of-bounds Write vulnerability in Cisco products A vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 9.8 |