Cisco plugs critical flaws in small business routers
Cisco has patched 14 vulnerabilities affecting some of its Small Business RV Series routers, the worst of which may allow attackers to achieve unauthenticated remote code execution or execute arbitrary commands on the underlying Linux operating system.
"The Cisco PSIRT is aware that proof-of-concept exploit code is available for several of the vulnerabilities that are described in this advisory," the company said in the accompanying security advisory.
Luckily, the PoCs aren't public - Cisco refers to the exploits used by security researchers to "Pwn" the Cisco RV340 router at the Pwn2Own hacking contest held in Austin, Texas, in November 2021.
The vulnerabilities may allow attackers to:
- View or alter information that is shared between an affected device and specific Cisco servers.
- Defeat authentication protections and access the device's web UI.
- Inject and execute arbitrary commands on the underlying operating system.
"Some of the vulnerabilities are dependent on one another. Exploitation of one of the vulnerabilities may be required to exploit another vulnerability," Cisco added.
News URL
https://www.helpnetsecurity.com/2022/02/03/cisco-small-business-routers/