Cisco’s RV Routers: End of Life and End of Security

Share This Post

Cisco has announced that it will not be releasing patches for a critical vulnerability (CVE-2023-20025) that affects small business RV016, RV042, RV042G, and RV082 routers, as they have reached end of life. The vulnerability, which has a CVSS score of 9.0, impacts the web-based management interface of the routers and could be exploited to bypass authentication. The issue exists because user input within incoming HTTP packets is not properly validated, allowing an attacker to send crafted HTTP requests to the router, to bypass authentication and gain root access to the operating system. Cisco also warned of a high-severity bug in the web-based management interface of the same routers, which could lead to remote command execution (CVE-2023-20026), but this vulnerability requires the attacker to be authenticated. To mitigate these vulnerabilities, administrators can disable remote management on the affected devices and block access to ports 443 and 60443. Cisco says it is not aware of any malicious attacks targeting the vulnerabilities.

Links:

https://www.securityweek.com/cisco-warns-critical-vulnerability-eol-small-business-routers

https://www.helpnetsecurity.com/2023/01/12/cve-2023-20025-cve-2023-20026/



Reach out to our incident response team for help

More To Explore

Information Security News – 7/13/26

Fake IT bods on Microsoft Teams coax workers into installing malware Article Link: https://www.theregister.com/cyber-crime/2026/07/07/fake-it-bods-on-microsoft-teams-coax-workers-into-installing-malware/5267610 Phishing poses as big-brand job interview to steal Google accounts Article

Information Security News – 07/06/26

SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation Article Link: https://thehackernews.com/2026/07/sharepoint-rce-cve-2026-45659-added-to.html ‘Djinn’ Stealer Targets Cloud, AI Credentials Article Link: https://www.darkreading.com/cyberattacks-data-breaches/djinn-stealer-targets-cloud-ai-credentials ChocoPoC Malware Targets

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.