Security News > 2023 > January > Over 19,000 end-of-life Cisco routers exposed to RCE attacks
Over 19,000 end-of-life Cisco VPN routers on the Internet are exposed to attacks targeting a remote command execution exploit chain.
By chaining two security flaws disclosed last week, threat actors can bypass authentication and execute arbitrary commands on the underlying operating system of Cisco Small Business RV016, RV042, RV042G, and RV082 routers.
For the time being, Cisco has found no evidence suggesting that this exploit chain is being abused in attacks.
After BleepingComputer reported that these routers would be left without a patch and looking into how many of them are reachable over the Internet, Censys found almost 20,000 RV016, RV042, RV042G, and RV082 Cisco routers online.
Cisco also said it wouldn't fix a critical auth bypass flaw affecting multiple EoL routers in September and advised users to switch to RV132W, RV160, or RV160W routers still under support.
Three months earlier, in June, Cisco again encouraged owners to migrate to newer router models after disclosing a critical remote code execution vulnerability in another series of end-of-life VPN routers that was also left unpatched.
News URL
Related news
- Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks (source)
- Critical RCE bug in 92,000 D-Link NAS devices now exploited in attacks (source)
- Cisco warns of large-scale brute-force attacks against VPN services (source)
- Fire in the Cisco! Networking giant's Duo MFA message logs stolen in phish attack (source)
- Cisco Warns of Global Surge in Brute-Force Attacks Targeting VPN and SSH Services (source)
- Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks (source)
- PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers (source)
- TP-Link fixes critical RCE bug in popular C5400X gaming router (source)
- TP-Link Gaming Router Vulnerability Exposes Users to Remote Code Attacks (source)