Thursday, December 5, 2024

Critical RCE Bugs in Cisco SMB Routers Let Hackers Gain the Root Access Remotely – Update Now!!


Recently, Cisco Small Business Routers have shown numerous security issues. Cisco has addressed multiple pre-authentication remote code execution (RCE) vulnerabilities affecting many small business VPN routers.

These vulnerabilities allowed threat actors to execute arbitrary code as root on successfully exploited devices. Cisco affirmed that three major security bugs were discovered in the firmware of the Cisco RV320 and RV325 Dual Gigabit WAN VPN Routers, tracked as:

  • CSCvq34465
  • CSCvq34469
  • CSCvq34472

All these vulnerabilities exist because HTTP requests are not correctly validated. A threat actor could exploit them by sending a crafted HTTP request to the web-based management interface of an affected device.

A successful exploit allows the attacker to execute arbitrary code on the compromised device remotely.

Affected routers and security update

Cisco stated that all the following Small Business Routers are vulnerable to attacks that try to exploit these vulnerabilities if they are running a firmware version earlier than Release 1.0.01.02:

  • RV160 VPN Router
  • RV160W Wireless-AC VPN Router
  • RV260 VPN Router
  • RV260P VPN Router with POE
  • RV260W Wireless-AC VPN Router

Cisco has also described the procedure for updating the routers to the latest release. The steps are:

  • First, click Browse all.
  • Then select Routers –> Small Business Routers –> Small Business RV Series Routers.
  • Select the appropriate router.
  • Select Small Business Router Firmware.
  • Select a release from the left pane of the product page.
  • That’s it; now you are done.

Products Confirmed Not Vulnerable

Cisco has also confirmed that the following products are not affected by these vulnerabilities:

  • RV340 Dual WAN Gigabit VPN Router
  • RV340W Dual WAN Gigabit Wireless-AC VPN Router
  • RV345 Dual WAN Gigabit VPN Router
  • RV345P Dual WAN Gigabit POE VPN Router
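To triage a fleet against the two model lists and the fixed release given above, the check below is an added example and is not code from Cisco or from the original article. The inventory rows, host names and firmware strings are constructed, and the status labels are this example's own. Release strings are compared numerically, component by component, because a plain string comparison would rank a release written as 1.0.1.1 above 1.0.01.02.

```python
import csv
import io

# Values taken from the article: model lists and the first fixed release.
AFFECTED_MODELS = {"RV160", "RV160W", "RV260", "RV260P", "RV260W"}
NOT_VULNERABLE_MODELS = {"RV340", "RV340W", "RV345", "RV345P"}
FIXED_RELEASE = "1.0.01.02"

def parse_release(text):
    """Turn '1.0.01.02' into (1, 0, 1, 2); return None if malformed."""
    parts = text.strip().split(".")
    if not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(model, firmware):
    """Return this example's status label for one device."""
    model = model.strip().upper()
    if model in NOT_VULNERABLE_MODELS:
        return "not_vulnerable"
    if model not in AFFECTED_MODELS:
        return "unknown_model"      # not on either list in the article
    release = parse_release(firmware)
    if release is None:
        return "unreadable_version"  # treat as unverified, not as safe
    fixed = parse_release(FIXED_RELEASE)
    # Pad to equal length so releases with fewer components compare sanely.
    width = max(len(release), len(fixed))
    release += (0,) * (width - len(release))
    fixed += (0,) * (width - len(fixed))
    return "needs_update" if release < fixed else "patched"

def triage(inventory_csv):
    """Map host -> status for a CSV with host, model, firmware columns."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["model"], r["firmware"]) for r in reader}

# Constructed inventory for illustration only.
SAMPLE = """host,model,firmware
edge-01,RV160,1.0.00.17
edge-02,rv260w,1.0.01.02
edge-03,RV260P,1.0.1.1
edge-04,RV345,1.0.03.18
edge-05,RV160W,unknown
edge-06,EXAMPLE-MODEL,2.0.0
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```
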

No active exploitation

The Cisco Product Security Incident Response Team (PSIRT) states that it’s not “aware of any public announcements or malicious use of the vulnerabilities.”

All these vulnerabilities were identified and reported to Cisco by T. Shiomitsu, swings of Chaitin Security Research Lab, and simp1e of 1AQ Team.

Fixed software

Cisco has published free software updates that address the vulnerabilities reported in this advisory. However, customers may only install and expect support for software versions and feature sets for which they have acquired a license.

Customers may therefore only download software for which they have a legitimate license, obtained from Cisco directly or through a Cisco-approved reseller or partner.

Apart from this, Cisco has also addressed high-severity vulnerabilities affecting other business routers and the IOS XR software. The company also recently published patches for critical security vulnerabilities in its Aironet Access Point Software.

The security pros at Cisco stated that the vulnerabilities could allow a threat actor to achieve remote code execution.


Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.