Cisco fixes major security flaw affecting VPN routers


Cisco has issued patches for security flaws affecting several of its small business VPN routers. The vulnerabilities, which allow attackers to conduct remote code execution attacks, carry a severity rating of 9.8 out of 10.

The company revealed that a number of VPN routers were affected if they were running firmware that pre-dated version 1.0.01.02. Cisco also confirmed that its Dual WAN Gigabit VPN Routers (including RV340, RV340W, RV345, and RV345P) were not affected by the security bugs.

“Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device,” a Cisco security advisory explains. “Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.”

All fixed up

In the advisory Cisco also revealed that the VPN vulnerabilities existed because HTTP requests were not being properly validated. By sending a crafted HTTP request, an attacker could execute arbitrary code as a root user on an affected device.

Fortunately, Cisco has now issued fixes for all the affected routers, which can be downloaded by updating the device’s firmware. In order to install the patch, users should visit the Cisco Software Center, find the appropriate router and then select “Small Business Router Firmware.” The left pane of the product page will contain the firmware update for download. Individuals with a Cisco service contract should be offered the patches directly.
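The following is an added example, not code from Cisco or the original article: a small inventory check that sorts devices using the model lists and the 1.0.01.02 firmware threshold given above. The hostnames and firmware strings in the sample inventory are constructed for illustration.

```python
# Added example: triage a router inventory against the advisory details
# quoted in this article. Inventory rows below are constructed sample data.

AFFECTED_MODELS = {"RV160", "RV160W", "RV260", "RV260P", "RV260W"}
NOT_AFFECTED_MODELS = {"RV340", "RV340W", "RV345", "RV345P"}
FIXED_VERSION = "1.0.01.02"  # firmware older than this is affected


def parse_version(text):
    """Turn '1.0.01.02' into (1, 0, 1, 2) so components compare numerically."""
    parts = text.strip().split(".")
    if not all(p.isdecimal() for p in parts):
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(p) for p in parts)


def triage(model, firmware):
    """Return 'vulnerable', 'patched', 'not-affected' or 'review'."""
    model = model.strip().upper()
    if model in NOT_AFFECTED_MODELS:
        return "not-affected"
    if model not in AFFECTED_MODELS:
        return "review"  # model not named in the article; check the advisory
    try:
        current = parse_version(firmware)
    except ValueError:
        return "review"  # unreadable version string: treat as unverified
    fixed = parse_version(FIXED_VERSION)
    # Pad to equal length so '1.0.1' compares correctly with '1.0.01.02'.
    width = max(len(current), len(fixed))
    current += (0,) * (width - len(current))
    fixed += (0,) * (width - len(fixed))
    return "vulnerable" if current < fixed else "patched"


# Constructed sample inventory: (hostname, model, firmware).
SAMPLE_INVENTORY = [
    ("branch-01", "RV160", "1.0.00.15"),
    ("branch-02", "rv260w", "1.0.01.02"),
    ("hq-edge", "RV345P", "1.0.03.15"),
    ("lab-01", "RV260P", "unknown"),
]


def report(inventory):
    """Map each hostname to its triage status."""
    return {host: triage(model, fw) for host, model, fw in inventory}
```

Devices that come back as "review" have a model or version string the check cannot classify and need to be compared against the Cisco advisory by hand.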

In other good news, there are currently no known exploits in the wild involving the VPN router vulnerabilities. Cisco has also recently issued security fixes for a number of other business products.

Via Bleeping Computer

Barclay Ballard
