Security News > 2022 > February > Cisco fixes critical bugs in RV routers, exploit code available
Cisco has released patches for multiple vulnerabilities in the Small Business RV Series router platform that could allow remote attackers to gain complete control over the device, in many cases, without authentication.
In total, there are fifteen vulnerabilities fixed by these security updates, with five of them rated as Critical as threat actors can use them to gain 'root' privileges or remotely execute commands on the device.
Cisco warns that some of these vulnerabilities need to be chained together to exploit an RV series router.
"Some of the vulnerabilities are dependent on one another. Exploitation of one of the vulnerabilities may be required to exploit another vulnerability," explains the Cisco advisory.
Even if your product isn't affected by any critical vulnerabilities, there's always a chance that threat actors will chain several less severe flaws to achieve high-impact attacks.
"The Cisco"Product Security Incident Response Team states that they are aware of proof-of-concept exploit code available for several of the vulnerabilities fixed in these updates.
News URL
Related news
- Critical security hole in Apache Struts under exploit (source)
- Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits (source)
- Adobe warns of critical ColdFusion bug with PoC exploit code (source)
- New botnet exploits vulnerabilities in NVRs, TP-Link routers (source)
- 15,000+ Four-Faith Routers Exposed to New Exploit Due to Default Credentials (source)
- Malware botnets exploit outdated D-Link routers in recent attacks (source)
- Hackers exploit Four-Faith router flaw to open reverse shells (source)
- New Mirai botnet targets industrial routers with zero-day exploits (source)
- Mirai Botnet Variant Exploits Four-Faith Router Vulnerability for DDoS Attacks (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)