“The initial fix for this vulnerability was found to be incomplete. Cisco is currently working on a complete fix,” reads the security advisory published by Cisco.. “Firmware updates that address this vulnerability are not currently available. There are no workarounds that address this vulnerability.”
The tech giant also confirmed that the flaws have been exploited in attacks in the wild.
On Thursday Cisco announced a new set of security patches for the RV320 and RV325 routers to correctly address the vulnerabilities.
The company attempted to fix two vulnerabilities in January, but the initially released patches were incomplete. The first one could be exploited by a remote and unauthenticated attacker with admin privileges to obtain sensitive information (CVE-2019-1653), while the second one can be exploited for command injection (CVE-2019-1652).
Chaining the two flaws it is possible to take over the Cisco RV320 and RV325 routers, the hackers exploit the bugs to obtain hashed passwords for a privileged account and run arbitrary commands as root.
Over 9,600 routers were found to be impacted, and all remained exposed due to the incomplete patches.
After Cisco released security patches, hackers started exploiting the flaws in the routers. After the disclosure of proof-of-exploit code for security flaws in Cisco RV320 and RV325 routers, hackers started scanning the Internet for vulnerable devices in an attempt to take compromise them.
Searching on Shodan for vulnerable Cisco RV320 and RV325 routers it is possible to find tens of thousands of devices online.
The popular expert Troy Mursch, chief research officer at Bad Packets, searched for vulnerable systems using the BinaryEdge search engine and found 9,657 devices exposed online (6,247 Cisco RV320 routers and 3,410, are Cisco RV325 routers).
Both vulnerabilities affect Small Business RV320 and RV325 Dual Gigabit WAN VPN routers running firmware versions 22.214.171.124 through 126.96.36.199. Cisco addressed the issues with the release of version 188.8.131.52, Cisco.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.