Connect with us

Hi, what are you looking for?


Network Security

Cisco Patches Critical Vulnerability in Wireless Routers

Cisco released security patches this week to address a Critical vulnerability in several wireless routers that allows an attacker to remotely execute code on the impacted devices. 

Cisco released security patches this week to address a Critical vulnerability in several wireless routers that allows an attacker to remotely execute code on the impacted devices. 

Tracked as CVE-2019-1663 and featuring a CVSS score of 9.8, the security flaw resides in the web-based management interface of three router models and is created due to improper validation of user-supplied data in the web-based management interface. 

“An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user,” Cisco explains in an advisory.

All releases of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router are affected, the company reveals. 

The web-based management interface of these devices can be accessed either through a local LAN connection or via remote management. The remote management feature is disabled by default. 

According to Cisco, there are no workarounds available for this vulnerability. However, software updates are already available to address the issue.

Patched releases include RV110W Wireless-N VPN Firewall:, RV130W Wireless-N Multifunction VPN Router:, and RV215W Wireless-N VPN Router: 

Advertisement. Scroll to continue reading.

The vulnerabilities were initially revealed in October 2018, at the GeekPwn Shanghai conference. At the time, the security researchers who disclosed the bug did not provide technical details or information on the affected products, Cisco says. 

This week, Cisco also released updates for the Webex Meetings Desktop App and Webex Productivity Tools for Windows after discovering a High severity vulnerability (CVSS score of 7.8) in the software’s update service. 

Due to insufficient validation of user-supplied parameters, the bug could allow an authenticated, local attacker to execute arbitrary commands as a privileged user. To exploit the issue, an attacker would have to invoke the update service command with a crafted argument.

Tracked as CVE-2019-1674, the vulnerability affects all Webex Meetings Desktop App releases prior to 33.6.6, and Webex Productivity Tools releases 32.6.0 and later prior to 33.0.7. Only the Windows versions are impacted, not the macOS or Linux releases. 

Cisco says it is not aware of public announcements or malicious use of the vulnerability.

Related: Cisco Patches Flaws in Webex, SD-WAN, Other Products

Related: Cisco Releases Second Patch for Webex Meetings Vulnerability

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Network Security

Our networks have become atomized which, for starters, means they’re highly dispersed. Not just in terms of the infrastructure – legacy, on-premises, hybrid, multi-cloud,...