Security News > 2022 > October > ConnectWise fixes RCE bug exposing R1Soft backup servers to attacks
ConnectWise has released security updates to address a critical vulnerability in the ConnectWise Recover and R1Soft Server Backup Manager secure backup solutions.
Affected software versions include ConnectWise Recover or earlier and R1Soft SBM v6.16.3 or earlier.
According to a Shodan scan, more than 4,800 Internet-exposed R1Soft servers are likely exposed to attacks if they haven't been patched since ConnectWise has released patches for this RCE bug.
"Affected ConnectWise Recover SBMs have automatically been updated to the latest version of Recover," ConnectWise said.
On the other hand, R1Soft users were advised to "Upgrade the server backup manager to SBM v6.16.4 released October 28, 2022 using the R1Soft upgrade wiki."
The company also recommended patching all impacted R1Soft backup servers as soon as possible.
News URL
Related news
- Veeam RCE bug lets domain users hack backup servers, patch now (source)
- New OpenSSH flaws expose SSH servers to MiTM and DoS attacks (source)
- Over 37,000 VMware ESXi servers vulnerable to ongoing attacks (source)
- PHP-CGI RCE Flaw Exploited in Attacks on Japan's Tech, Telecom, and E-Commerce Sectors (source)
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- Critical RCE flaw in Apache Tomcat actively exploited in attacks (source)
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- CISA tags NAKIVO backup flaw as actively exploited in attacks (source)
- Week in review: Veeam Backup & Replication RCE fixed, free file converter sites deliver malware (source)
- Hidden Threats: How Microsoft 365 Backups Store Risks for Future Attacks (source)