My TechDecisions

IT Infrastructure, Network Security, News

Cisco Urges Customers To Patch Small Business Routers

Cisco says customers using its small business routers should upgrade the firmware to fix vulnerabilities that could give remote attackers access.

Leave a Comment

Cisco Box

Cisco says customers using its small business routers should upgrade the firmware to fix vulnerabilities that could give remote attackers access as the root user on an affected device.

According to Cisco, there are multiple vulnerabilities in the web-based management interface of its Small Business  RV160, RV160W, RV260, RV260P, and RV260W VPN Routers that “could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device.”

The vulnerabilities are given a “critical” designation and were first published on Feb. 3. They are tracked as CVE-2021-1289, CVE-2021-1290, CVE-2021-1291, CVE-2021-1292, CVE-2021-1293, CVE-2021-1294 andCVE-2021-1295.

Cisco assigned the vulnerabilities a base score of 9.8.

“These vulnerabilities exist because HTTP requests are not properly validated,” the advisory says. “An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.”

Read Next: Cisco Warns of Vulnerability in Small Business Switches Switches

The small business routers affected, if running firmware earlier than Release 1.0.01.02, include these products:

  • RV160 VPN Router
  • RV160W Wireless-AC VPN Router
  • RV260 VPN Router
  • RV260P VPN Router with POE
  • RV260W Wireless-AC VPN Router

There are no workarounds for these vulnerabilities, so customers are advised to download the free software upgrade to patch these vulnerabilities and prevent an attacker from exploiting them.

On the same day, the company also said its Small Business  RV160, RV160W, RV260, RV260P, and RV260W VPN Routers contained vulnerabilities that could allow a remote attacker to conduct directory traversal attacks and overwrite certain files that should be restricted on an affected system.

Those were labeled as “high” and given a base score of 7.5.

For more information on these and other vulnerabilities with Cisco products and how to patch them, visit the company’s security advisory website.

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

WEBINAR: Achieving the Wow Factor with Limitless dvLED Solutions

Webinar Date: June 16, 2021 at 2:00 PM ET Register Today In order to provide a memorable, engaging experience for their guests, companies are looki...

WEBINAR: How Integrators, Manufacturers, and End Users Collaborate on Digital Platforms

Webinar Date: June 9, 2021 at 2:00 PM ET Register Today As employees continue to return to the office, the digital platforms organizations provide ...

IT Pro MBA: Managing Your Team

When you first get into IT, all you are learning about are the systems. You are taking certifications, classes, and getting your foot in the door. ...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!
Sharp Microsoft Collaboration HQ Logo

Learn More About the
Windows Collaboration Display

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales