Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

No Patch for Critical RCE Flaw in Cisco Routers

Cisco is working on developing patches for several vulnerabilities affecting its RV series routers, including a critical flaw that can be exploited by a remote attacker for arbitrary code execution.

Cisco is working on developing patches for several vulnerabilities affecting its RV series routers, including a critical flaw that can be exploited by a remote attacker for arbitrary code execution.

The security holes, reported to Cisco by researcher Samuel Huntley, affect the RV110W Wireless-N VPN firewall, the RV130W Wireless-N Multifunction VPN router, and the RV215W Wireless-N VPN router.

The critical vulnerability, identified as CVE-2016-1395, is caused by insufficient sanitization of HTTP user input in the device’s web interface. It allows a remote, unauthenticated attacker to execute arbitrary code with root privileges on the targeted system.

“An attacker could exploit this vulnerability by sending a crafted HTTP request with custom user data,” Cisco said in its advisory. “An exploit could allow the attacker to execute arbitrary code with root-level privileges on the affected system, which could be leveraged to conduct further attacks.”

Another issue found in the web-based management interface of Cisco’s RV series routers is a cross-site scripting (XSS) vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code or access sensitive browser information. An attacker needs to convince the victim to access a specially crafted link in order to exploit the vulnerability (CVE-2016-1396).

Huntley also discovered a couple of denial-of-service (DoS) vulnerabilities in the web interface of Cisco RV110W, RV130W and RV215W routers. The flaws, tracked as CVE-2016-1398 and CVE-2016-1397, are buffer overflows that allow an authenticated attacker to cause the devices to reload and enter a DoS condition by sending them specially crafted HTTP requests. The XSS and DoS flaws have been rated “medium severity.”

None of these vulnerabilities have been patched and there are no workarounds. Cisco expects to release firmware updates in the third quarter of 2016. In the meantime, the company pointed out that the web-based management interface affected by the flaws is only accessible via a local LAN connection or the remote management feature, which is disabled by default.

The networking giant says there is no evidence that any of these flaws have been exploited for malicious purposes.

Related: DoS Vulnerability Affects Cisco, Juniper Products

Related: Cisco Fixes Flaws in Network Analysis Modules

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cybersecurity Funding

Forward Networks, a company that provides network security and reliability solutions, has raised $50 million from several investors.

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Cisco patched a high-severity SQL injection vulnerability in Unified Communications Manager (CM) and Unified Communications Manager Session Management Edition (CM SME).

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...