Critical flaws found in four Cisco SMB router ranges – for the second time this year
Cisco has revealed four of its small business router ranges have critical flaws - for the second time in 2022 alone.
A Wednesday advisory warns owners of the RV160, RV260, RV340, and RV345 Series Routers that the vulnerabilities could allow "An unauthenticated, remote attacker to execute arbitrary code or cause a denial of service condition on an affected device."
Cisco says a vulnerability in the web-based management interface of the RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow execution of arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service condition.
"This vulnerability is due to insufficient input validation," Cisco adds, meaning an attacker could submit crafted input to the web filter database update feature and then execute commands on the underlying operating system with root privileges.
Patching all three flaws - ASAP - is advised because Cisco warns "The vulnerabilities are dependent on one another."
"Exploitation of one of the vulnerabilities may be required to exploit another vulnerability. In addition, a software release that is affected by one of the vulnerabilities may not be affected by the other vulnerabilities."
News URL
https://go.theregister.com/feed/www.theregister.com/2022/08/05/cisco_smb_routers_critical_flaws/