Cisco revealed that security patches released in January to address flaws in Small Business RV320 and RV325 routers were incomplete.
Cisco revealed that security updates released in January to address vulnerabilities in Small Business RV320 and RV325 routers were not complete. The tech giant also confirmed that the flaws have been exploited in attacks in the wild.
In January, the tech giant addressed two serious issues in Cisco’s Small Business RV320 and RV325 routers. The first one could be exploited by a remote and unauthenticated attacker with admin privileges to obtain sensitive information (CVE-2019-1653), while the second one can be exploited for command injection (CVE-2019-1652).
Chaining the two flaws it is possible to take over the Cisco RV320 and RV325 routers, the hackers exploit the bugs to obtain hashed passwords for a privileged account and run arbitrary commands as root.
After Cisco released security patches, hackers started exploiting the flaws in the routers. After the disclosure of proof-of-exploit code for security flaws in Cisco RV320 and RV325 routers, hackers started scanning the Internet for vulnerable devices in an attempt to take compromise them.
Searching on Shodan for vulnerable Cisco RV320 and RV325 routers it is possible to find tens of thousands of devices online.
The popular expert Troy Mursch, chief research officer at Bad Packets, searched for vulnerable systems using the BinaryEdge search engine and found 9,657 devices exposed online (6,247 Cisco RV320 routers and 3,410, are Cisco RV325 routers).
Unfortunately, the fixes were incomplete allowing threat actors to continue to exploit them in live attacks.
“The initial fix for this vulnerability was found to be incomplete. Cisco is currently working on a complete fix,” reads the security advisory published by Cisco.. “Firmware updates that address this vulnerability are not currently available. There are no workarounds that address this vulnerability.”
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.