Critical flaws in Cisco's Small Business RV Series VPN routers

THREAT LEVEL: Amber.

For a detailed advisory, download the pdf file here.

Cisco has patched serious vulnerabilities that might be exploited by sending maliciously crafted HTTP requests to the web-based management interfaces of vulnerable Small Business RV Series Routers. However, the remote management feature is disabled by default on all impacted VPN routers. The threat research team at Hive Pro hasn’t observed any exploits of these flaws in the wild, yet it is strongly recommended to patch the reported vulnerabilities.