My TechDecisions

IT Infrastructure, Network Security, News

Cisco Urges Customers To Patch Small Business Routers

Cisco says customers using its small business routers should upgrade the firmware to fix vulnerabilities that could give remote attackers access.

Leave a Comment

Cisco

Cisco says customers using its small business routers should upgrade the firmware to fix vulnerabilities that could give remote attackers access as the root user on an affected device.

According to Cisco, there are multiple vulnerabilities in the web-based management interface of its Small Business  RV160, RV160W, RV260, RV260P, and RV260W VPN Routers that “could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device.”

The vulnerabilities are given a “critical” designation and were first published on Feb. 3. They are tracked as CVE-2021-1289, CVE-2021-1290, CVE-2021-1291, CVE-2021-1292, CVE-2021-1293, CVE-2021-1294 andCVE-2021-1295.

Cisco assigned the vulnerabilities a base score of 9.8.

“These vulnerabilities exist because HTTP requests are not properly validated,” the advisory says. “An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.”

Read Next: Cisco Warns of Vulnerability in Small Business Switches Switches

The small business routers affected, if running firmware earlier than Release 1.0.01.02, include these products:

  • RV160 VPN Router
  • RV160W Wireless-AC VPN Router
  • RV260 VPN Router
  • RV260P VPN Router with POE
  • RV260W Wireless-AC VPN Router

There are no workarounds for these vulnerabilities, so customers are advised to download the free software upgrade to patch these vulnerabilities and prevent an attacker from exploiting them.

On the same day, the company also said its Small Business  RV160, RV160W, RV260, RV260P, and RV260W VPN Routers contained vulnerabilities that could allow a remote attacker to conduct directory traversal attacks and overwrite certain files that should be restricted on an affected system.

Those were labeled as “high” and given a base score of 7.5.

For more information on these and other vulnerabilities with Cisco products and how to patch them, visit the company’s security advisory website.

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

2021 Gartner® Magic Quadrant™ for ITSM Tools

Gartner® has once again recognized Freshworks’ IT service management platform, Freshservice, in the 2021 Gartner® Magic Quadrant™ for IT Serv...

Choosing the Right Video Wall for Your Workplace

It’s becoming ever more clear that path forward for the modern workplace is a hybrid model. Employees will likely be splitting their time between a...

Making AI Work For IT Service Management

AI or Artificial Intelligence has been said to drastically change the way we do things, everything from cars and robots to marketing and digital ex...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!
Sharp Microsoft Collaboration HQ Logo

Learn More About the
Windows Collaboration Display

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales