Tuesday, May 6, 2025
HomeComputer SecurityCisco Released Security Updates for 2 Vulnerabilities that allows Hackers to Compromise...

Cisco Released Security Updates for 2 Vulnerabilities that allows Hackers to Compromise Cisco Wireless Routers

Published on

SIEM as a Service

Follow Us on Google News

Cisco released security updates for 2 severe vulnerabilities that affected Cisco wireless VPN, Firewall and Cisco Webex Meetings Desktop App.

First one is a remote command execution vulnerability that has been marked as “Critical” and another one is local Command Injection Vulnerability which is marked as “high” severity.

Remote Command Execution Vulnerability CVE-2019-1663 affected Cisco RV110W, RV130W, and RV215W Routers Wireless-N VPN and Firewall management interface allows remote attacker to execute arbitrary code on an vulnerable device.

- Advertisement - Google News

Another local command injection vulnerability CVE-2019-1674 that affected Cisco Webex Meetings Desktop App and Cisco Webex Productivity Tools allow local attackers to execute arbitrary commands as a privileged user.

Remote command execution flaw affected the Cisco Wireless VPN & Firewall based routers due to improper validation of user-supplied data in the web-based management interface.

According to Cisco released notes. This vulnerability CVE-2019-1663 affects all releases of the following Cisco products prior to those listed in Fixed Releases:

  • RV110W Wireless-N VPN Firewall
  • RV130W Wireless-N Multifunction VPN Router
  • RV215W Wireless-N VPN Router

Remote attackers exploit this vulnerability by sending malicious HTTP requests to a targeted device and gained the complete control of the
affected device with high priviledge.

Another local command injection vulnerability affects all Cisco Webex Meetings Desktop App releases prior to 33.6.6, and Cisco Webex Productivity Tools Releases 32.6.0 and later prior to 33.0.7.

This Webex vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by invoking the update service command with a crafted argument.

First Vulnerability reported by Yu Zhang and Haoliang Lu at the GeekPwn conference and another local command injection flaw reported by
Marcos Accossatto of SecureAuth.

Cisco advised users to immediately apply these patches immediately to keep the network safe and secure.

Learn : Vulnerability Management Analysis Online Course

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Master in Wireshark Network Analysis to keep your self-updated.

Also Read:

Hackers Exploiting More than 9000 Cisco RV320/RV325 Routers After POC published in GitHub

Unpatched Critical Flaw in Cisco Small Business Switches Allows Attackers to Bypass User Authentication

Cisco Released Security Updates & Fixed Several Vulnerabilities that Affected Cisco Products

Privilege Escalation Flaw in Cisco ASA Allows Attackers To Read or Write Files in the System

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Gunra Ransomware’s Double‑Extortion Playbook and Global Impact

Gunra Ransomware, has surfaced as a formidable threat in April 2025, targeting Windows systems...

Hackers Exploit 21 Apps to Take Full Control of E-Commerce Servers

Cybersecurity firm Sansec has uncovered a sophisticated supply chain attack that has compromised 21...

Hackers Target HR Departments With Fake Resumes to Spread More_eggs Malware

The financially motivated threat group Venom Spider, also tracked as TA4557, has shifted its...

RomCom RAT Targets UK Organizations Through Compromised Customer Feedback Portals

The Russian-based threat group RomCom, also known as Storm-0978, Tropical Scorpius, and Void Rabisu,...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Gunra Ransomware’s Double‑Extortion Playbook and Global Impact

Gunra Ransomware, has surfaced as a formidable threat in April 2025, targeting Windows systems...

Hackers Exploit 21 Apps to Take Full Control of E-Commerce Servers

Cybersecurity firm Sansec has uncovered a sophisticated supply chain attack that has compromised 21...

Hackers Target HR Departments With Fake Resumes to Spread More_eggs Malware

The financially motivated threat group Venom Spider, also tracked as TA4557, has shifted its...