A popular line of small business routers made by Cisco Systems are vulnerable to a high-severity vulnerability. If exploited, the flaw could allow a remote – albeit authenticated – attacker to execute code or restart affected devices unexpectedly.
Cisco issued fixes on Wednesday for the flaw in its RV132W ADSL2+ Wireless-N VPN routers and RV134W VDSL2 Wireless-AC VPN routers. These routers are described by Cisco as “networking-in-a-box” models that are targeted for small or home offices and smaller deployments.
The vulnerability (CVE-2021-1287) stems from an issue in the routers’ web-based management interface. It ranks 7.2 out of 10 on the CVSS scale, making it high severity.
“A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition on the affected device,” said Cisco on Wednesday.
The Cisco Router Vulnerability
The vulnerability stems from the routers’ web-based management interface improperly validating user-supplied input, said Cisco. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device – however, of note the attacker would need to first be authenticated to the device (which could be achieved via a phishing attack or other malicious attack, for instance).
Affected are RV132W ADSL2+ Wireless-N VPN routers running a firmware release earlier than Release 188.8.131.52 (which is fixed); and RV134W VDSL2 Wireless-AC VPN Routers running a firmware release earlier than Release 184.108.40.206 (the fixed version). Shizhi He of Wuhan University was credited with reporting the flaw.
“The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory,” said Cisco.
Cisco Flaws: Patches Issued This Year
The patch is only the latest from Cisco this year. In February, Cisco rolled out fixes for critical holes in its lineup of small-business VPN routers, which could be exploited by unauthenticated, remote attackers to view or tamper with data, and perform other unauthorized actions on the routers.
In 2021, Cisco also patched various vulnerabilities across its product lineup, including multiple, critical vulnerabilities in its software-defined networking for wide-area networks (SD-WAN) solutions for business users, and a high-severity flaw in its smart Wi-Fi solution for retailers that could allow a remote attacker to alter the password of any account user on affected systems.
Check out our free upcoming live webinar events – unique, dynamic discussions with cybersecurity experts and the Threatpost community: