Cisco’s RV Routers: End of Life and End of Security

Share This Post

Cisco has announced that it will not be releasing patches for a critical vulnerability (CVE-2023-20025) that affects small business RV016, RV042, RV042G, and RV082 routers, as they have reached end of life. The vulnerability, which has a CVSS score of 9.0, impacts the web-based management interface of the routers and could be exploited to bypass authentication. The issue exists because user input within incoming HTTP packets is not properly validated, allowing an attacker to send crafted HTTP requests to the router, to bypass authentication and gain root access to the operating system. Cisco also warned of a high-severity bug in the web-based management interface of the same routers, which could lead to remote command execution (CVE-2023-20026), but this vulnerability requires the attacker to be authenticated. To mitigate these vulnerabilities, administrators can disable remote management on the affected devices and block access to ports 443 and 60443. Cisco says it is not aware of any malicious attacks targeting the vulnerabilities.

Links:

https://www.securityweek.com/cisco-warns-critical-vulnerability-eol-small-business-routers

https://www.helpnetsecurity.com/2023/01/12/cve-2023-20025-cve-2023-20026/



Reach out to our incident response team for help

More To Explore

Information Security News – 6/23/2025

Law Enforcement Takedowns Disrupt Cybercrimes Across the Globe Article Link: https://cyberscoop.com/cybercrime-crackdown-operation-endgame-operation-secure/   Microsoft 365 to Block File Access Via Legacy Auth by Default Article link:

Information Security News – 6/16/2025

Grocery Wholesale Giant United Natural Foods Hit by Cyberattack Article Link: https://www.bleepingcomputer.com/news/security/grocery-wholesale-giant-united-natural-foods-hit-by-cyberattack/ The Worsening Landscape of Educational Cybersecurity Article Link: https://blog.knowbe4.com/the-worsening-landscape-of-educational-cybersecurity Gov. Abbott Signs Texas

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.