Security experts Adam Zielinski and Harri Kuosmanen reported to CISCO several critical and high severity flaws in the CISCO Small Business Routers.
According to CISCO, the CVE-2015-6397 flaw affects RV series routers, the RV110W, RV130W and RV215W model include a default account that can be exploited by attackers to gain root access to the device. In a secure environment, a default account should normally have least privileges, but in Cisco Small Business Routers belonging the RV series it has root privileges.
“A vulnerability in the default account when used with a specific configuration of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and the Cisco RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to gain root access to the device. The account could incorrectly be granted root privileges at authentication time.” states the security advisory published by CISCO.
Cisco also issued another security advisory about a critical vulnerability (CVE-2016-1430) affecting the RV180 and RV180W VPN routers. A remote authenticated attacker can exploit the flaw in the web interface to execute arbitrary code with root privileges.
“A vulnerability in the web interface of the Cisco RV180 VPN Router and Cisco RV180W Wireless-N Multifunction VPN Router could allow an authenticated, remote attacker to execute arbitrary commands with root-level privileges.” states the advisory published by CISCO.
“The vulnerability is due to improper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. An exploit could allow the attacker to execute arbitrary commands with root-level privileges.”
CISCO also confirmed that the RV180 and RV180W VPN routers are affected by a high severity vulnerability (CVE-2016-1429) that can be exploited by a remote attacker to perform a directory traversal and access arbitrary files on the system.
“A vulnerability in the web interface of the Cisco RV180 VPN Router and Cisco RV180W Wireless-N Multifunction VPN Router could allow an unauthenticated, remote attacker to access arbitrary files on the system. This vulnerability allows the attacker to perform directory traversal.” states CISCO.
“The vulnerability is due to lack of proper input verification and sanitization of the user input directory path. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. An exploit could allow the attacker to read arbitrary files on the system that should be restricted.”
The bad news does not end there, the RV110W, RV130W, and RV215W routers are also affected by a medium severity command shell injection flaw that could be exploited by a local attacker to inject arbitrary shell commands.
Cisco has already released firmware updates for the address the flaws affecting RV110W, RV130W and RV215W routers. Unfortunately, CISCO will not issue release patches for the RV180 and RV180W models because they are no more available on the marker.
The good news is that CISCO is not aware of any attacks against its Cisco Small Business Routers involving the above vulnerabilities.
(Security Affairs – Cisco Small Business Routers, hacking)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.