Critical vulnerabilities found in Cisco Small Business Routers allow hackers to execute arbitrary code

Cisco releases a security advisory for Cisco Small Business Routers about the critical vulnerabilities that allow hackers to execute arbitrary code on the target systems

Cisco is an American multinational company that develops, manufactures, and sells networking hardware, software, telecommunications equipment, and other high-technology services and products. Cisco Small Business RV Series Routers offer virtual private networking (VPN) technology so your remote workers can connect to your network through a secure Internet pathway.

On Wednesday, Cisco released a security advisory for Cisco Small Business Routers about the critical vulnerabilities that allow hackers to execute arbitrary code on the target systems.

According to the company, there are 4 critical flaws that affect the Small Business Routers. They are listed below:

  1. The first flaw, tracked as CVE-2020-3330 with a CVSS score of 9.8, affects Cisco Small Business RV110W Wireless-N VPN firewalls and allows a remote, unauthenticated attacker to take full control of a device by connecting to it using a default, static password.
  2. The second flaw is tracked as CVE-2020-3323 and affects Small Business RV110W, RV130, RV130W, and RV215W routers. It allows a remote hacker to execute arbitrary code on the targeted device with root privileges by sending it a specially crafted HTTP request. Exploitation does not require authentication.
  3. The third critical flaw is tracked as CVE-2020-3144 and can be exploited to bypass authentication and execute arbitrary commands with admin privileges by sending malicious HTTP requests to the device. RV110W Wireless-N VPN firewalls and RV130 VPN, RV130W Wireless-N Multifunction VPN, and RV215W Wireless-N VPN routers are affected.
  4. The last critical issue, tracked as CVE-2020-3331, impacts the RV110W Wireless-N VPN firewall and RV215W Wireless-N VPN router. A remote attacker can exploit it without authentication to execute arbitrary code with root privileges by sending the targeted device malicious requests.

However, the company has already stopped manufacturing these small-scale routers, but it has to provide security for them until the flaws are patched. Last month we also reported "Critical Java Flaw in Cisco’s call-center product provides remote access to attacker". The company has no evidence of any exploitation that has taken place with the current flaws in small business routers.

For more news on tech and cybersecurity, stay tuned to Android Rookies by subscribing to our newsletter.
