My TechDecisions

IT Infrastructure, Network Security, News

Cisco Urges Customers To Patch Small Business Routers

Cisco says customers using its small business routers should upgrade the firmware to fix vulnerabilities that could give remote attackers access.

Leave a Comment

Cisco Webex Vulnerability

Cisco says customers using its small business routers should upgrade the firmware to fix vulnerabilities that could give remote attackers access as the root user on an affected device.

According to Cisco, there are multiple vulnerabilities in the web-based management interface of its Small Business  RV160, RV160W, RV260, RV260P, and RV260W VPN Routers that “could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device.”

The vulnerabilities are given a “critical” designation and were first published on Feb. 3. They are tracked as CVE-2021-1289, CVE-2021-1290, CVE-2021-1291, CVE-2021-1292, CVE-2021-1293, CVE-2021-1294 andCVE-2021-1295.

Cisco assigned the vulnerabilities a base score of 9.8.

“These vulnerabilities exist because HTTP requests are not properly validated,” the advisory says. “An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.”

Read Next: Cisco Warns of Vulnerability in Small Business Switches Switches

The small business routers affected, if running firmware earlier than Release 1.0.01.02, include these products:

  • RV160 VPN Router
  • RV160W Wireless-AC VPN Router
  • RV260 VPN Router
  • RV260P VPN Router with POE
  • RV260W Wireless-AC VPN Router

There are no workarounds for these vulnerabilities, so customers are advised to download the free software upgrade to patch these vulnerabilities and prevent an attacker from exploiting them.

On the same day, the company also said its Small Business  RV160, RV160W, RV260, RV260P, and RV260W VPN Routers contained vulnerabilities that could allow a remote attacker to conduct directory traversal attacks and overwrite certain files that should be restricted on an affected system.

Those were labeled as “high” and given a base score of 7.5.

For more information on these and other vulnerabilities with Cisco products and how to patch them, visit the company’s security advisory website.

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

Introducing the IT Pro MBA: Vetting Technology

At some point in your career there is going to come a time when you are tasked with reviewing and vetting new tech to implement into your company. ...

9 Technology Products to Help Combat COVID-19 Spread in the Workplace

As the Coronavirus continues on and leads us further into uncertainty, the question remains, “when do we return to the office?” For some the answer...

Top 9 Reasons Enterprise IT Leaders Are Moving Their Video Surveillance to the Eagle Eye Cloud

Working in IT has enough challenges without adding in the complications of surveillance video. Things like total cost of maintenance, how the VMA m...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!
Sharp Microsoft Collaboration HQ Logo

Learn More About the
Windows Collaboration Display

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales