To use the secured network, all you need is internet access, a VPN password and a small piece of VPN software installed on the user's laptop. The good news is that, according to Cisco, there has been no indication of current exploitation attempts aimed at these vulnerabilities. The Cisco VPN Router provides wireless internet access securely without compromising the business's private network resources.
If an attacker decides to exploit this vulnerability, he may gain administrator-level rights on the affected device and perform arbitrary operations as the root user. The CVE-2016-1732 vulnerability is caused by the lack of input validation on the user side. Routers running versions older than 1.0.01.04 in the Small Business RV Series are vulnerable to this flaw. As per the reports, a remote attacker could exploit this flaw to run arbitrary commands on the operating system of an affected device without being authenticated. Successful exploitation of CVE-2021-1610, which represents a command injection flaw, may enable an attacker to remotely execute arbitrary commands with root privileges on a device impacted by the vulnerability.
Another severe vulnerability, tracked as CVE-2016-1732, that Cisco identified in Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers has received a patch. Tracked as CVE-2021-1609 with a CVSS score of 9.8, and CVE-2021-1610 with a CVSS score of 7.2, both flaws come from inadequate validation of HTTP requests, which enables attackers to construct a malicious HTTP request and send it to a vulnerable device.
According to Cisco's report, an unauthenticated, remote attacker may exploit CVE-2021-1609 to force the device to reload, resulting in a Denial of Service attack, or run arbitrary code without any restrictions. A new Security Advisory from Cisco has outlined a huge number of security-related vulnerabilities and issues. In a security advisory published on Wednesday, Cisco said that a critical vulnerability in the Universal Plug-and-Play (UPnP) service of multiple small business VPN routers will not be patched.
These vulnerabilities exist in the web-based administration interface of the Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers that are running firmware versions older than 1.0.03.22. Cisco Small Business Routers Security Flaws Allow Malicious Code Execution, Patch ASAP.