Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Critical Vulnerabilities Can Be Exploited to Hack Cisco Small Business Routers

Cisco on Wednesday released security advisories to inform customers of several critical vulnerabilities that can be exploited remotely to hack small business routers and firewalls that are no longer being sold.

Cisco on Wednesday released security advisories to inform customers of several critical vulnerabilities that can be exploited remotely to hack small business routers and firewalls that are no longer being sold.

One of the critical flaws, which is tracked as CVE-2020-3330 and has a CVSS score of 9.8, affects Cisco Small Business RV110W Wireless-N VPN firewalls and it allows a remote and unauthenticated attacker to take full control of a device by connecting to it using a default and static password.

Another critical flaw, CVE-2020-3323, affects Small Business RV110W, RV130, RV130W, and RV215W routers. It allows a remote hacker to execute arbitrary code on the targeted device with root privileges by sending it a specially crafted HTTP request. Exploitation does not require authentication.

The third critical security hole fixed by the company this week in small business routers is CVE-2020-3144, which can be exploited to bypass authentication and execute arbitrary commands with admin privileges by sending malicious HTTP requests to the device. RV110W Wireless-N VPN firewalls and RV130 VPN, RV130W Wireless-N Multifunction VPN, and RV215W Wireless-N VPN routers are affected.

The last critical issue, CVE-2020-3331, impacts the RV110W Wireless-N VPN firewall and RV215W Wireless-N VPN router. A remote attacker can exploit it without authentication to execute arbitrary code with root privileges by sending the targeted device malicious requests.

The impacted routers and firewalls are no longer being sold by Cisco, but apparently they have yet to reach end of support so the company has still patched them.

Patches have also been released for a critical privilege escalation vulnerability affecting Cisco’s Prime License Manager (PLM) software. An attacker who has a valid username can obtain admin privileges on the system.

Cisco also informed customers this week about the availability of patches for high-severity vulnerabilities affecting its SD-WAN solutions and some small business routers. These flaws can be exploited to obtain sensitive files from the targeted system, launch DoS attacks, and execute arbitrary code or commands.

While some of the high-severity issues can be exploited remotely without authentication, several of the flaws require authentication and/or access to the targeted system or network.

There is no evidence that any of these vulnerabilities has been exploited in malicious attacks and none of them appears to have been publicly disclosed before Cisco released fixes.

F-Secure revealed on Wednesday that it has identified two counterfeit Cisco switches and an analysis of the fake devices led to the discovery of a vulnerability that also appears to impact genuine Cisco equipment. The networking giant has launched an investigation and promised to keep customers informed on its findings.

Related: Cisco Adds New Security Features to Webex, Patches Serious Vulnerabilities

Related: Cisco Patches Dozen Vulnerabilities in Industrial Routers

Related: Cisco Patches High Severity Vulnerabilities in Security Products

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.