Saturday, February 15, 2025
HomeCiscoCritical RCE Bugs in Cisco SMB Routers Let Hackers Gain the Root...

Critical RCE Bugs in Cisco SMB Routers Let Hackers Gain the Root Access Remotely – Update Now!!

Published on

SIEM as a Service

Follow Us on Google News

Recently, the Cisco Small Business Routers has manifested numerous security issues. Cisco has approached multiple pre-auth remote code execution (RCE) vulnerabilities attacking many small business VPN routers.

This vulnerability was allowing the threat actors to execute arbitrary code as root on successfully exploited devices. Cisco affirmed that there are three major security bugs that were discovered in the Cisco RV320 and RV325 Dual Gigabit WAN VPN Routers firmware termed as:-

  • CSCvq34465
  • CSCvq34469
  • CSCvq34472

However, all these vulnerabilities endure because HTTP requests are not correctly validated. And the threat actors could easily exploit these vulnerabilities by transferring a crafted HTTP request to the web-based management interface of an attacked device.

And once the exploits are done, it allows the hackers to execute arbitrary code on the compromised device remotely.

Affected routers and security update

Cisco asserted that all the following Small Business Routers are vulnerable to attacks, and are trying to exploit these vulnerabilities if running a firmware version earlier than Release 1.0.01.02:-

  • RV160 VPN Router
  • RV160W Wireless-AC VPN Router
  • RV260 VPN Router
  • RV260P VPN Router with POE
  • RV260W Wireless-AC VPN Router

Moreover, Cisco has also stated the whole procedure of updating the routers to the latest release, and here we have mentioned it step-by-step:-

  • First of all, you have to click, Browse all.
  • Then you have to select Routers –> Small Business Routers –> Small Business RV Series Routers.
  • After that, now you have to select the appropriate router.
  • Now select the Small Business Router Firmware.
  • And then you have to select a release from the left pane of the product page.
  • That’s it; now you are done.

Products Confirmed Not Vulnerable

Apart from this, Cisco has also confirmed that there are some products that are not vulnerable to these vulnerabilities, and here we have mentioned below:-

  • RV340 Dual WAN Gigabit VPN Router
  • RV340W Dual WAN Gigabit Wireless-AC VPN Router
  • RV345 Dual WAN Gigabit VPN Router
  • RV345P Dual WAN Gigabit POE VPN Router

No active exploitation

The Cisco Product Security Incident Response Team (PSIRT) states that it’s not “aware of any public announcements or malicious use of the vulnerabilities.”

While all these vulnerabilities were identified and reported to Cisco by T. Shiomitsu, swings of Chaitin Security Research Lab, and simp1e of 1AQ Team.

Fixed software

In order to fix the software, Cisco has published free software updates that discuss the vulnerabilities that have been reported in this advisory. However, Customers may only install and demand support for software versions and feature sets for which they have acquired a license.

So, the customers may only download software for which they have a legitimate license, obtained from Cisco directly, or over a Cisco approved reseller or partner. 

Apart from this, Cisco has also approached high severity vulnerabilities affecting other business routers and the IOS XR software. Moreover, the company newly published patches for critical security vulnerabilities that subsisted in its Aironet Access Point Software.

The security pros at Cisco declared that the vulnerabilities could commence a threat actor to remote code execution.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Fake BSOD Attack Launched via Malicious Python Script

A peculiar malicious Python script has surfaced, employing an unusual and amusing anti-analysis trick...

SocGholish Malware Dropped from Hacked Web Pages using Weaponized ZIP Files

A recent wave of cyberattacks leveraging the SocGholish malware framework has been observed using...

Lazarus Group Targets Developers Worldwide with New Malware Tactic

North Korea's Lazarus Group, a state-sponsored cybercriminal organization, has launched a sophisticated global campaign...

North Korean IT Workers Penetrate Global Firms to Install System Backdoors

In a concerning escalation of cyber threats, North Korean IT operatives have infiltrated global...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

SocGholish Malware Dropped from Hacked Web Pages using Weaponized ZIP Files

A recent wave of cyberattacks leveraging the SocGholish malware framework has been observed using...

Lazarus Group Targets Developers Worldwide with New Malware Tactic

North Korea's Lazarus Group, a state-sponsored cybercriminal organization, has launched a sophisticated global campaign...

North Korean IT Workers Penetrate Global Firms to Install System Backdoors

In a concerning escalation of cyber threats, North Korean IT operatives have infiltrated global...