Security News > 2021 > August > Critical Flaw Found in Older Cisco Small Business Routers Won't Be Fixed

A critical vulnerability in Cisco Small Business Routers will not be patched by the networking equipment giant, since the devices reached end-of-life in 2019.

"The Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers have entered the end-of-life process. Customers are encouraged to migrate to the Cisco Small Business RV132W, RV160, or RV160W Routers."

"All too often, after a system or service is replaced, the legacy system or service is left running 'just in case' it is needed again. The problem lies in the fact that - like in the case of this vulnerability in the Universal Plug-and-Play service - the legacy system or service is usually not kept up to date with security updates or configurations," said Dean Ferrando, systems engineer manager at Tripwire.

CVE-2021-34730 marks the second time the company has followed the approach of not releasing fixes for end-of-life routers since the start of the year.

Earlier this April, Cisco urged users to upgrade their routers as a countermeasure to resolve a critical remote code execution bug affecting RV110W VPN firewall and Small Business RV130, RV130W, and RV215W routers.

Cisco has also issued an alert for a critical BadAlloc flaw impacting BlackBerry QNX Real-Time Operating System that came to light earlier this week, stating that the company is "Investigating its product line to determine which products and services may be affected by this vulnerability."

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/OyKJHymfsVE/critical-flaw-found-in-older-cisco.html