Cisco says it won't patch these dangerous VPN security flaws in its SMB routers
Users should just upgrade to newer kit, Cisco advisory says
Cisco has said it won't be issuing any further updates for three vulnerable routers which could apparently allow an unauthenticated, remote attacker to bypass authentication controls and access the IPSec VPN network.
Customers of the networking giant should check out if their set-ups include the RV110W Wireless-N VPN Firewall, the RV130 VPN Router, the RV130W Wireless-N Multifunction VPN Router, and the RV215W Wireless-N VPN Router.
On the plus side, Cisco said its security team is not aware of any public announcements or malicious use of the vulnerability, which was given a severity rating of medium, which is described in this advisory.
Router security
Cisco recommends possibly impacted users should migrate to Cisco Small Business RV132W, RV160, or RV160W routers.
For those currently low on funds, unfortunately, there are no workarounds that address this vulnerability according to Cisco.
Users of the routers in question may have at least gotten a good amount of bang for their buck.
The networking giant hasn't sold the RV110W and RV130 since 2017, and only officially ended support for them in 2022.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Unfortunately, networking hardware remains an extremely common endpoint for cyber criminals to try and gain access to organizations and as a result, it's a good idea to keep your hardware filled patched at all times.
You can check if the vulnerability impacts you by logging into the web-based management interface and choosing "VPN > IPSec VPN Server > Setup".
If the Server Enable check box is checked, the IPSec VPN Server is enabled on the device, potentially putting you in danger.
- Is security a key factor when it comes to your organization's approach to networking? Check out our guide to the best routers.
Will McCurdy has been writing about technology for over five years. He has a wide range of specialities including cybersecurity, fintech, cryptocurrencies, blockchain, cloud computing, payments, artificial intelligence, retail technology, and venture capital investment. He has previously written for AltFi, FStech, Retail Systems, and National Technology News and is an experienced podcast and webinar host, as well as an avid long-form feature writer.