Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon

Cisco merely blacklisted a curl instead of actually fixing the vulnerable code for RV320 and RV325

Save for later
  • 2 min read
  • 01 Apr 2019

article-image
Last week, RedTeam Pentesting had discovered a command injection vulnerability in the web-based certificate generator feature of the Cisco RV320 router. According to RedTeam Pentesting, the feature was inadequately patched by the vendor. On Saturday, Cisco acknowledged that it had mismanaged a patch which would give rise to a vulnerability in two router models, namely, Cisco RV320 and RV325 WAN VPN routers.

https://twitter.com/RedTeamPT/status/1110843396657238016

The security flaws


These router vulnerabilities were discovered way back in September 2018. Post four months the discovery, a patch was issued for blacklisting the curl which is a command-line tool used for transferring data online and is also integrated into internet scanners. The idea behind introducing this curl was to prevent the devices from the attackers. Cisco patches were intended to protect these vulnerable devices. And initially, it was believed that Cisco’s patches were the ideal choice for businesses.

Cisco’s RV320 product page reads, "Keep your employees, your business, and yourself productive and effective. The Cisco RV320 Dual Gigabit WAN VPN Router is an ideal

choice for any small office or small business looking for performance, security, and reliability in its network." Around 10,000 of these devices are still accessible online and are vulnerable to attacks. Cisco’s patch could merely blacklist the curl which turned out be a major problem.

In January, this year, security researcher David Davidson published a proof-of-concept for two Cisco RV320 and RV325 vulnerabilities. The security flaws patched by Cisco were:

CVE-2019-1652


This flaw allows remote attackers to inject and run admin commands on the device without using a password.

Unlock access to the largest independent learning library in Tech for FREE!
Get unlimited access to 7500+ expert-authored eBooks and video courses covering every tech area you can think of.
Renews at €18.99/month. Cancel anytime

CVE-2019-1653


This flaw allows remote attackers to get sensitive device configuration details without using a password.

But it seems instead of fixing the vulnerable code in the actual firmware, Cisco has instead blacklisted the user agent for curl.

https://twitter.com/bad_packets/status/1110981011523977217

Most of the users are surprised by this news and they think that these patches can be easily bypassed by the attackers.

https://twitter.com/hrbrmstr/status/1110995488235503616

https://twitter.com/tobiasz_cudnik/status/1111068710360485891

To know more about this news, check out RedTeam Pentesting’s post.

Redis Labs raises $60 Million in Series E Funding led by Francisco partners

San Francisco legislation proposes a citywide ban on government’s use of facial recognition technology

Cisco and Huawei Routers hacked via backdoor attacks and botnets