Cisco says it's fixed flaw affecting multiple small business VPN routers

News
By published

Software updates containing patched firmware are available for all affected devices

Cisco
(Image credit: Shutterstock / Valriya Zankovych)

Cisco has released patches for two security flaws that impact several of the company's VPN routers for small businesses.

The two vulnerabilities, tracked as CVE-2021-1609 and CVE-2021-1602, were discovered in the company's web-based management interface.

While CVE-2021-1609, which exists as a result of improperly validated HTTP requests, impacts Cisco's RV340, RV350W, RV345 and RV345P Dual WAN Gigabit VPN routers, CVE-2021-1602, which is due to insufficient user input validation, impacts RV160, RV160W, RV260, RV260P and RV260W VPN routers.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

According to a security advisory from Cisco, CVE-2021-1609 can be exploited by a remote attacker on one of the vulnerable VPN routers to execute arbitrary code or to cause the device to reload resulting in a denial of service (DoS) condition.

In a second security advisory, the networking giant explained that CVE-2021-1602 can be exploited by an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of affected devices.

Remote management disabled by default

Although these two vulnerabilities have CVSS scores of 9.8 and 8.2, launching an attack that exploits them will prove challenging for hackers as the remote management feature is disabled by default on all of the affected VPN routers.

Instead organizations need to use a local LAN connection to access Cisco's web-based management interface where both security flaws reside. Still though, owners of affected devices can check to see if remote management has been enabled by accessing the web-based management interface, going to “Basic Settings” and seeing if the “Remote Management” option has been toggled on.

While Cisco says that there are no workarounds available to address these vulnerabilities, the company has released software updates to address both security flaws. Additionally the company's Product Security Incident Response Team (PSIRT) has not observed any exploits or attacks in the wild leveraging these vulnerabilities.

Organizations that own one of the impacted VPN routers can go to Cisco's Software Center to download the patched firmware for their devices.

Via Bleeping Computer

Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Read more
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Cisco patches critical security issues, so update now
Representational image depecting cybersecurity protection
Cisco smart licensing system sees critical security flaws exploited
An image of network security icons for a network encircling a digital blue earth.
Industrial networks exposed to attack by faulty Moxa devices
China
Juniper patches security flaws which could have let hackers take over your router
Webex by Cisco banner on a Chromebook
Cisco warns some Webex users of worrying security flaw, so patch now
cables going into the back of a broadband router on white background
Netgear urges users to patch major router security issues now
Latest in VPN Privacy & Security
Demonstrators protesting against the arrest of the Mayor of Istanbul Ekrem Imamoglu block Atatürk Boulevard on March 22, 2025 in Ankara, Türkiye.
Turkey's social media ban has been lifted, but VPN usage is still high
Shape of Russia filled with Russian flag-colored internet codes on a black hacking background
A new wave of blocks in Russia targets VPN apps and Cloudflare subnets
Digital hand set location on map with two pins. AI technology in GPs, innovation delivery, map location, future transport logistic, route path concept. GPs point. New office location, change address
What does your IP address reveal about you?
A stethoscope next to a laptop on a pink background
How to check if your VPN is working
Teenager playing on a gaming PC with two monitors
Is using a VPN while gaming cheating? 5 myths you shouldn't believe about gaming with a VPN
Neon blue email symbols on a black background
Why am I suddenly getting so many spam emails?
Latest in News
Open AI
OpenAI unveiled image generation for 4o – here's everything you need to know about the ChatGPT upgrade
Apple WWDC 2025 announced
Apple just announced WWDC 2025 starts on June 9, and we'll all be watching the opening event
Hornet swings their weapon in mid air
Hollow Knight: Silksong gets new Steam metadata changes, convincing everyone and their mother that the game is finally releasing this year
OpenAI logo
OpenAI just launched a free ChatGPT bible that will help you master the AI chatbot and Sora
NetSuite EVP Evan Goldberg at SuiteConnect London 2025
"It's our job to deliver constant innovation” - NetSuite head on why it wants to be the operating system for your whole business
Monster Hunter Wilds
Monster Hunter Wilds Title Update 1 launches in early April, adding new monsters and some of the best-looking armor sets I need to add to my collection
More about vpn privacy security
Demonstrators protesting against the arrest of the Mayor of Istanbul Ekrem Imamoglu block Atatürk Boulevard on March 22, 2025 in Ankara, Türkiye.

Turkey's social media ban has been lifted, but VPN usage is still high
Shape of Russia filled with Russian flag-colored internet codes on a black hacking background

A new wave of blocks in Russia targets VPN apps and Cloudflare subnets
HDD

Seagate teams with Nvidia to build an NVMe hard drive proof of concept, more than 3 years after its last effort
See more latest
Most Popular
HDD
Seagate teams with Nvidia to build an NVMe hard drive proof of concept, more than 3 years after its last effort
Open AI
OpenAI unveiled image generation for 4o – here's everything you need to know about the ChatGPT upgrade
NetSuite EVP Evan Goldberg at SuiteConnect London 2025
"It's our job to deliver constant innovation” - NetSuite head on why it wants to be the operating system for your whole business
Apple WWDC 2025 announced
Apple just announced WWDC 2025 starts on June 9, and we'll all be watching the opening event
Hornet swings their weapon in mid air
Hollow Knight: Silksong gets new Steam metadata changes, convincing everyone and their mother that the game is finally releasing this year
OpenAI logo
OpenAI just launched a free ChatGPT bible that will help you master the AI chatbot and Sora
Monster Hunter Wilds
Monster Hunter Wilds Title Update 1 launches in early April, adding new monsters and some of the best-looking armor sets I need to add to my collection
cybersecurity
Chinese government hackers allegedly spent years undetected in foreign phone networks
Sony WF-C710N in blue glass on beige background
Sony WF-C710 earbuds land, and I think they'll be the 2025 budget buds to beat
The RIG M2 Streamstar attached to a boom arm.
The RIG M2 Streamstar has the world's first Bluetooth audio gateway in a wired gaming microphone