Cisco closes critical leak that allows takeover of VPN routers


Cisco has released security updates for a critical vulnerability that could allow an unauthenticated attacker to remotely take over several of its VPN routers. The vulnerability, designated CVE-2021-1609, is present in the Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN routers.


The impact of the vulnerability was rated 9.8 on a scale of 1 to 10. The vulnerability is caused by the web interface not properly validating HTTP requests. By sending a specially crafted HTTP request, an attacker could execute arbitrary code on the device or cause a denial of service.


Cisco notes that the web interface is not reachable from the Internet by default, but users can enable that themselves, for example for remote management. To fix the vulnerability, Cisco has released security updates. According to the network equipment manufacturer, no workarounds are available.


Small Business RV160 and RV260 VPN routers

In addition, Cisco has also released security updates for the Small Business RV160 and RV260 VPN routers. These address a vulnerability (CVE-2021-1602) in the web interface that could allow an unauthenticated attacker to remotely execute arbitrary commands with root privileges.


This vulnerability, rated 8.2 for impact, is caused by improper validation of user input. In this case too, Cisco states that the web interface is not reachable from the Internet by default. Patches are available for the RV160, RV160W, RV260, RV260P, and RV260W.
