Critical flaws in Cisco’s Small Business RV Series VPN routers

Threat Advisories

Critical flaws in Cisco’s Small Business RV Series VPN routers

August 5, 2021

THREAT LEVEL: Amber.

For a detailed advisory, download the pdf file here.

Cisco has patched serious vulnerabilities that might be exploited by sending maliciously crafted HTTP requests to the web-based management interfaces of vulnerable Small Business RV Series Routers. However, the remote management feature is disabled by default on all impacted VPN routers. The threat research team at Hive Pro hasn’t observed any exploits of these flaws in the wild, yet it is strongly recommended to patch the reported vulnerabilities.

Vulnerability Details

Patch Links

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv340-cmdinj-rcedos-pY8J3qfy

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-code-execution-9UVJr7k4

References

https://thehackernews.com/2021/08/cisco-issues-critical-security-patches.html

https://www.bleepingcomputer.com/news/security/cisco-fixes-critical-high-severity-pre-auth-flaws-in-vpn-routers/

Recent Posts

Join Our Newsletter 14,000+ subscribers and growing! Get top cybersecurity news delivered directly to your inbox.