Project Hyphae

Cisco’s RV Routers: End of Life and End of Security

Share This Post

Cisco has announced that it will not be releasing patches for a critical vulnerability (CVE-2023-20025) that affects small business RV016, RV042, RV042G, and RV082 routers, as they have reached end of life. The vulnerability, which has a CVSS score of 9.0, impacts the web-based management interface of the routers and could be exploited to bypass authentication. The issue exists because user input within incoming HTTP packets is not properly validated, allowing an attacker to send crafted HTTP requests to the router, to bypass authentication and gain root access to the operating system. Cisco also warned of a high-severity bug in the web-based management interface of the same routers, which could lead to remote command execution (CVE-2023-20026), but this vulnerability requires the attacker to be authenticated. To mitigate these vulnerabilities, administrators can disable remote management on the affected devices and block access to ports 443 and 60443. Cisco says it is not aware of any malicious attacks targeting the vulnerabilities.


More To Explore

Information Security News 1-23-2023

MailChimp Discloses New Breach After Employees Got Hacked Article Link: T-Mobile Suffers 8th Data Breach in Less Than 5 Years Article Link: Hackers

BianLian Ransomware Decryptor Made Public

BianLian, a Windows ransomware variant written in Go, the Google-created open source programming language, has been steadily increasing in popularity among threat actors since it

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.