Security News > 2022 > August > Critical flaws found in four Cisco SMB router ranges – for the second time this year
Cisco has revealed four of its small business router ranges have critical flaws - for the second time in 2022 alone.
A Wednesday advisory warns owners of the RV160, RV260, RV340, and RV345 Series Routers that the vulnerabilities could allow "An unauthenticated, remote attacker to execute arbitrary code or cause a denial of service condition on an affected device."
Cisco says a vulnerability in the web-based management interface of the RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow execution of arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service condition.
"This vulnerability is due to insufficient input validation," Cisco adds, and means an attacker submitting crafted input to the web filter database update feature and then execute commands on the underlying operating system with root privileges.
Patching all three flaws - ASAP - is advised because Cisco warns "The vulnerabilities are dependent on one another."
"Exploitation of one of the vulnerabilities may be required to exploit another vulnerability. In addition, a software release that is affected by one of the vulnerabilities may not be affected by the other vulnerabilities."
News URL
https://go.theregister.com/feed/www.theregister.com/2022/08/05/cisco_smb_routers_critical_flaws/
Related news
- TP-Link fixes critical RCE bug in popular C5400X gaming router (source)
- ASUS warns of critical remote authentication bypass on 7 routers (source)
- ASUS Patches Critical Authentication Bypass Flaw in Multiple Router Models (source)
- Hackers exploit critical D-Link DIR-859 router flaw to steal passwords (source)