Cisco Issues Warning for Unpatched Vulnerabilities in EoL Business Routers

Cisco has warned of two security vulnerabilities affecting end-of-life Small Business RV016, RV042, RV042G, and RV082 routers that it said will not be fixed, even as it acknowledged the public availability of a proof-of-concept exploit.
The issues are rooted in the routers' web-based management interface, enabling a remote adversary to sidestep authentication or execute malicious commands on the underlying operating system.
A threat actor could exploit the authentication bypass remotely by sending a specially crafted HTTP request to a vulnerable router's web-based management interface to bypass authentication and obtain elevated permissions.
"Cisco has not released and will not release software updates to address the vulnerabilities," the company said.
"Cisco Small Business RV016, RV042, RV042G, and RV082 Routers have entered the end-of-life process."
Hou Liuyang of Qihoo 360 Netlab has been credited with discovering and reporting the flaws to Cisco.
News URL
https://thehackernews.com/2023/01/cisco-issues-warning-for-unpatched.html