Security News > 2023 > January > Cisco Issues Warning for Unpatched Vulnerabilities in EoL Business Routers
Cisco has warned of two security vulnerabilities affecting end-of-life Small Business RV016, RV042, RV042G, and RV082 routers that it said will not be fixed, even as it acknowledged the public availability of proof-of-concept exploit.
The issues are rooted in the router's web-based management interface, enabling a remote adversary to sidestep authentication or execute malicious commands on the underlying operating system.
A threat actor could exploit it remotely by sending a specially crafted HTTP request to vulnerable routers' web-based management interface to bypass authentication and obtain elevated permissions.
"Cisco has not released and will not release software updates to address the vulnerabilities," the company said.
"Cisco Small Business RV016, RV042, RV042G, and RV082 Routers have entered the end-of-life process."
Hou Liuyang of Qihoo 360 Netlab has been credited with discovering and reporting the flaws to Cisco.
News URL
https://thehackernews.com/2023/01/cisco-issues-warning-for-unpatched.html
Related news
- New botnet exploits vulnerabilities in NVRs, TP-Link routers (source)
- Moxa Alerts Users to High-Severity Vulnerabilities in Cellular and Secure Routers (source)
- Netgear warns users to patch critical WiFi router vulnerabilities (source)
- Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc (source)