Security News

Cisco is rolling out fixes for critical holes in its lineup of small-business VPN routers. The flaws exist in the web-based management interface of Cisco's small-business lineup of VPN routers.

Cisco has addressed multiple pre-auth remote code execution vulnerabilities affecting several small business VPN routers and allowing attackers to execute arbitrary code as root on successfully exploited devices. The security bugs with a severity rating of 9.8/10 were found in the web-based management interface of Cisco small business routers.

PacketFabric announced it has launched Cloud Router, a multi-cloud connectivity solution. Cloud Router will super-serve the enterprise as well as small business who are seeking a future-proofed way to connect multiple cloud providers.

Cisco this week announced that it does not plan on addressing tens of vulnerabilities affecting some of its small business routers. "Cisco has not released and will not release software updates to address the vulnerabilities described []. The Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers have entered the end-of-life process. Customers are advised to refer to the end-of-life notices for these products," the company underlines.

Some of the impacted router models were first introduced in 2012 and appear to lack the same type of patching cadence as more modern D-Link router models. The routers are common home networking devices sold at numerous retail outlets, which means that people working remotely due to the COVID-19 pandemic likely are exposing not only their own environments but also corporate networks to risk, Digital Defense researchers noted.

D-Link is working on releasing firmware updates to address two command injection vulnerabilities that affect multiple VPN router models. Security researchers at Digital Defense identified a total of three vulnerabilities that affect several D-Link VPN routers, including authenticated and unauthenticated command injection flaws, and an authenticated crontab injection issue.

The Digital Defense Vulnerability Research Team uncovered a previously undisclosed vulnerability affecting D-Link VPN routers. D-Link DSR-150, DSR-250, DSR-500 and DSR-1000AC VPN routers running firmware version 3.14 and 3.17 are vulnerable to a remotely exploitable root command injection flaw.

A vulnerability in D-link firmware powering multiple routers with VPN passthrough functionality allows attackers to take full control of the device. Reported by Digital Defense's Vulnerability Research Team on August 11, the flaw is a root command injection that can be exploited remotely if the device's "Unified Services Router" web interface is reachable over the public internet.

Some widely sold D-Link VPN router models have been found vulnerable to three new high-risk security vulnerabilities, leaving millions of home and business networks open to cyberattacks-even if they are secured with a strong password. Discovered by researchers at Digital Defense, the three security shortcomings were responsibly disclosed to D-Link on August 11, which, if exploited, could allow remote attackers to execute arbitrary commands on vulnerable networking devices via specially-crafted requests and even launch denial-of-service attacks.

ADTRAN announced it has expanded its suite of NetVanta access routers to offer improved speed and capacity for fiber-based IP connectivity to the enterprise. The NetVanta 3148 and 4148 access routers combine a wide range of capabilities into one complete platform for advanced versatility and better price performance.