Security News > 2023 > January > Over 19,000 end-of-life Cisco routers exposed to RCE attacks
Over 19,000 end-of-life Cisco VPN routers on the Internet are exposed to attacks targeting a remote command execution exploit chain.
By chaining two security flaws disclosed last week, threat actors can bypass authentication and execute arbitrary commands on the underlying operating system of Cisco Small Business RV016, RV042, RV042G, and RV082 routers.
For the time being, Cisco has found no evidence suggesting that this exploit chain is being abused in attacks.
After BleepingComputer reported that these routers would be left without a patch and looking into how many of them are reachable over the Internet, Censys found almost 20,000 RV016, RV042, RV042G, and RV082 Cisco routers online.
Cisco also said it wouldn't fix a critical auth bypass flaw affecting multiple EoL routers in September and advised users to switch to RV132W, RV160, or RV160W routers still under support.
Three months earlier, in June, Cisco again encouraged owners to migrate to newer router models after disclosing a critical remote code execution vulnerability in another series of end-of-life VPN routers that was also left unpatched.
News URL
Related news
- Critical Ivanti RCE flaw with public exploit now used in attacks (source)
- New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks (source)
- CISA says critical Fortinet RCE flaw now exploited in attacks (source)
- Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack (source)
- Cisco fixes VPN DoS flaw discovered in password spray attacks (source)
- Emergency patch: Cisco fixes bug under exploit in brute-force attacks (source)
- New Cisco ASA and FTD features block VPN brute-force password attacks (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration (source)
- CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed (source)