Security News

This report is six months old, and I don't know anything about the organization that produced it, but it has some alarming data about router security. Many routers are powered by very old versions of Linux.

Inseego announced that its new Wavemaker PRO 5G indoor router has been certified for use in Europe, North America and Australia, with additional regulatory certifications pending for other international markets. "Our Wavemaker PRO 5G solutions are changing the way enterprise and SMB customers think about broadband access," said Inseego President Ashish Sharma.

Cisco has addressed a clutch of critical vulnerabilities in its small business and VPN routers that can be exploited by an unauthenticated, remote attacker to execute arbitrary code as the root user. Some of the affected devices are also Wi-Fi routers, so could well be in everyday use.

Cisco has rolled out fixes for multiple critical vulnerabilities in the web-based management interface of Small Business routers that could potentially allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device. The flaws - tracked from CVE-2021-1289 through CVE-2021-1295 - impact RV160, RV160W, RV260, RV260P, and RV260W VPN routers running a firmware release earlier than Release 1.0.01.02.

Cisco this week released software updates to address multiple vulnerabilities across its product portfolio, including critical severity bugs in several small business VPN routers and SD-WAN products. The company warned that the web-based management interface of small business RV160, RV160W, RV260, RV260P, and RV260W VPN routers is affected by seven severe vulnerabilities that could be abused by unauthenticated, remote attackers to execute arbitrary code as root.

Cisco is rolling out fixes for critical holes in its lineup of small-business VPN routers. The flaws exist in the web-based management interface of Cisco's small-business lineup of VPN routers.

Cisco has addressed multiple pre-auth remote code execution vulnerabilities affecting several small business VPN routers and allowing attackers to execute arbitrary code as root on successfully exploited devices. The security bugs with a severity rating of 9.8/10 were found in the web-based management interface of Cisco small business routers.

PacketFabric announced it has launched Cloud Router, a multi-cloud connectivity solution. Cloud Router will super-serve the enterprise as well as small business who are seeking a future-proofed way to connect multiple cloud providers.

Cisco this week announced that it does not plan on addressing tens of vulnerabilities affecting some of its small business routers. "Cisco has not released and will not release software updates to address the vulnerabilities described []. The Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers have entered the end-of-life process. Customers are advised to refer to the end-of-life notices for these products," the company underlines.

Some of the impacted router models were first introduced in 2012 and appear to lack the same type of patching cadence as more modern D-Link router models. The routers are common home networking devices sold at numerous retail outlets, which means that people working remotely due to the COVID-19 pandemic likely are exposing not only their own environments but also corporate networks to risk, Digital Defense researchers noted.