CATEGORIES
home News

Cisco RV320/RV325 WAN Router Vulnerability Threatens Internet Providers And The Enterprise

by Brandon HillSunday, January 27, 2019, 02:45 PM EDT
cisco rv325
For organizations that are reliant on Cisco RV320 and RV325 WAN VPN routers, we implore you to -- if you haven't already -- apply two patches that were issued late last week. The patches address the following vulnerabilities:

  • CVE-2019-1652: A vulnerability in the web-based management interface that could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands.
  • CVE-2019-1653: A vulnerability in the web-based management interface that could allow an unauthenticated, remote attacker to retrieve sensitive information. 

According to BleepingComputer, both vulnerabilities were discovered by German firm RedTeam Pentesting and were privately disclosed to Cisco, which prompted the company to release the above patches. However, things took a turn for the worst when a security researcher, David Davidson, decided to post a proof-of-concept [via GitHub] for chaining the two exploits together to initiate a successful attack against unpatched RV320 and RV325 routers.

The chances that all affected routers would be patched in a matter of just a few days is wishful thinking, which is why some rather resourceful hackers are already building on Davidson's work to obtain full control over the affected routers.

Thanks to an investigation by Bad Packets Report, it was discovered that nearly 9,700 Cisco routers are affected (the vast majority of which are located in the United States), with attackers having the potential to gain access to "an entire dump of the device's configuration settings" using CVE-2019-1653. Hackers also could gain access to administrator credentials, although password information is hashed.

However, when combined with CVE-2019-1652, remote code execution allows deeper access to device commands and the eventual full control of targeted devices.

At this point, the first course of action would be to of course apply Cisco's patches for the RV320 and RV325. The second move would be to change admin and Wi-Fi credentials as those details very well may have been leaked at this point.

Tags:  Cisco, Hackers, rv320, rv325, remote execution
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment