Recent headlines this week reported that three models of Cisco wireless VPN firewalls and routers from the small business RV series contain a critical unpatched vulnerability that hackers can use to take control over devices. In the Web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130W Wireless-N Multifunction VPN Router and RV215W Wireless-N VPN Router, you’ll find the vulnerability. Attackers only need to send an unauthenticated HTTP request with custom user data and the vulnerability can easily be exploited if the devices are configured for remote management.
Unfortunately this is not the only unpatched vulnerability within the three Cisco models, the company also warns of a cross-site scripting (XSS) flaw as well as two buffer overflows that could risk denial-of-service conditions. Exploiting the buffer overflows requires attackers to have an authenticated session in the devices’s Wed-based interface. But the XSS flaw is easily triggered by tricking authenticated users to click on malicious URLs. Successful exploit allows attackers to acess sensitive browser-based information. The XSS flaw, because it can be combined with other vulnerabilities, makes it difficult for users to find a mitigation strategy without patches. If users were to disable external management in their devices in an attempt to protect themselves from this vulnerability, the devices will still be exposed through the cross-site scripting flaw.
Unfortunately, no patches are available for any of the 3 security flaws. Cisco plans to release firmware updates that will address the latest flaws sometimes within the third quarter of 2016.
If you would like to educate yourself in more detail about the information presented in this blog post please visit: Flaws expose Cisco small-business routers, firewalls to hacking