My TechDecisions

IT Infrastructure, Network Security, News

Cisco Urges Customers To Patch Small Business Routers

Cisco says customers using its small business routers should upgrade the firmware to fix vulnerabilities that could give remote attackers access.

Leave a Comment

Cisco

Cisco says customers using its small business routers should upgrade the firmware to fix vulnerabilities that could give remote attackers access as the root user on an affected device.

According to Cisco, there are multiple vulnerabilities in the web-based management interface of its Small Business  RV160, RV160W, RV260, RV260P, and RV260W VPN Routers that “could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device.”

The vulnerabilities are given a “critical” designation and were first published on Feb. 3. They are tracked as CVE-2021-1289, CVE-2021-1290, CVE-2021-1291, CVE-2021-1292, CVE-2021-1293, CVE-2021-1294 andCVE-2021-1295.

Cisco assigned the vulnerabilities a base score of 9.8.

“These vulnerabilities exist because HTTP requests are not properly validated,” the advisory says. “An attacker could exploit these vulnerabilities by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to remotely execute arbitrary code on the device.”

Read Next: Cisco Warns of Vulnerability in Small Business Switches Switches

The small business routers affected, if running firmware earlier than Release 1.0.01.02, include these products:

  • RV160 VPN Router
  • RV160W Wireless-AC VPN Router
  • RV260 VPN Router
  • RV260P VPN Router with POE
  • RV260W Wireless-AC VPN Router

There are no workarounds for these vulnerabilities, so customers are advised to download the free software upgrade to patch these vulnerabilities and prevent an attacker from exploiting them.

On the same day, the company also said its Small Business  RV160, RV160W, RV260, RV260P, and RV260W VPN Routers contained vulnerabilities that could allow a remote attacker to conduct directory traversal attacks and overwrite certain files that should be restricted on an affected system.

Those were labeled as “high” and given a base score of 7.5.

For more information on these and other vulnerabilities with Cisco products and how to patch them, visit the company’s security advisory website.

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *

Get the FREE Tech Decisions eNewsletter

Sign up Today!

Latest Downloads

The State of Digital Signage & Video Wall Technology

Digital signs and video walls come in a variety of sizes, configurations and pixel pitches, but they share a common purpose: communicating information

Live Demo: Ensuring Excellent Hybrid Meetings Without Stressing IT Staff

Watch this live demo of AVI-SPL’s meeting room management software Symphony to learn how to ensure positive meeting outcomes and reduce the burden ...

Three Soft Skills IT Pros Need in 2022 and Beyond

Along with a deep understanding of new and emerging technologies and how to apply them to a business, IT professionals also need the requisite soft...

View All Downloads

Would you like your latest project featured on TechDecisions as Project of the Week?

Apply Today!
Sharp Microsoft Collaboration HQ Logo

Learn More About the
Windows Collaboration Display

More from Our Sister Publications

Get the latest news about AV integrators and Security installers from our sister publications:

Commercial IntegratorSecurity Sales