CATEGORIES
home IT/Enterprise Data Center/SOHO

Cisco Small Business Router Security Flaws Allow Malicious Code Execution, Patch ASAP

by Lane BabuderSaturday, February 05, 2022, 12:31 PM EDT
Cisco Small Business Router
A new Security Advisory from Cisco has outlined a huge number of security-related vulnerabilities and issues that have been patched in their latest firmware update. The security advisory says to run updates on the devices affected immediately.

The advisory, which was first published on February 2 and updated again on February 4 of 2022, outlines that a large number of bugs have been patched in the latest firmware available for the devices. The bugs that were patched allow things such as arbitrary code execution, elevating privileges, arbitrary command execution, and bypass authorization and authentication. These are particularly nasty in that they effectively allow an attacker to log into the affected device and in turn run whatever they want on it by elevating their privileges on the device. Because this makes access to the device directly available, it also allows the attacker to download and run unsigned software and even drive denial-of-service attacks utilizing any of these Cisco routers.
cisco rv345p router
Cisco is most likely one of the most popular enterprise network hardware providers in the world, according to Statista, supporting more than 55% of the enterprise network infrastructure. So it stands to reason a pretty good portion of the enterprise and small-business market do make use of these particular models. With as much hardware that could potentially be affected, if enough of these deploy router remain unpatched, there is a decent probability of them being added to a botnet to create a pretty nasty Distributed-Denial-of-Service (DDoS) attack, should that be the goal of the attacker.

As of right now, Cisco states that only the following models are affected by the vulnerabilities:
  • RV160 VPN Routers
  • RV160W Wireless-AC VPN Routers
  • RV260 VPN Routers
  • RV260P VPN Routers with PoE
  • RV260W Wireless-AC VPN Routers
  • RV340 Dual WAN Gigabit VPN Routers
  • RV340W Dual WAN Gigabit Wireless-AC VPN Routers
  • RV345 Dual WAN Gigabit VPN Routers
  • RV345P Dual WAN Gigabit POE VPN Routers
While all of these models, the most recent of which being RV345P, are no longer being sold by Cisco as of October of 2021, there’s still a good chance that many of these products are still in active service. So, if you know someone, whether that be a business owner, an IT firm, a managed service provider, or anyone who might use one of these models, please let them know to update their firmware immediately. The full report from Cisco is available here.
Tags:  security, Cisco, (nasaq:csco)
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment