Cisco has no plan to address a critical code execution vulnerability, tracked as CVE-2021-34730, that affects small business RV110W, RV130, RV130W, and RV215W routers.
The CVE-2021-34730 flaw resides in the Universal Plug-and-Play (UPnP) service of vulnerable devices, an unauthenticated attacker could trigger this issue to remotely execute arbitrary code as root, or trigger a denial of service condition.
The flaw is due to improper validation of incoming UPnP traffic, it received a CVSS score of 9.8.
“A vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition.” reads the security advisory published by Cisco.
“This vulnerability is due to improper validation of incoming UPnP traffic. An attacker could exploit this vulnerability by sending a crafted UPnP request to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a DoS condition.”
The IT giant recommends customers using RV110W Wireless-N VPN Firewalls, RV130 VPN Routers, RV130W Wireless-N Multifunction VPN Routers, and RV215W Wireless-N VPN Routers to disable UPnP on both the LAN and WAN interfaces of their devices. The advisory states that the UPnP service is enabled by default on LAN interfaces and disabled by default on WAN interfaces.
“While this mitigation has been deployed and was proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions,” Cisco adds.
The company pointed out that it is not aware of attacks in the wild exploiting the CVE-2021-34730 flaw.
Follow me on Twitter: @securityaffairs and Facebook
|[adrotate banner=”9″]||[adrotate banner=”12″]|
(SecurityAffairs – hacking, CVE-2021-34730)