Last week, Cisco announced of a severe vulnerability in the web-based management interface of its Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers. This vulnerability could easily allow an unauthenticated, remote attacker to retrieve sensitive information.
Cisco in their report, mention that this vulnerability is due to the improper access controls for URLs. An attacker could easily exploit this vulnerability by connecting to the affected device via HTTP or HTTPS and requesting specific URLs. A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information.
Cisco routers vulnerable to CVE-2019-1653
According to Bad packets report, they scanned around 15,309 unique IPv4 hosts and determined 9,657 Cisco RV320/RV325 routers are vulnerable to CVE-2019-1653. Their report states,
- 6,247 out of 9,852 Cisco RV320 routers scanned are vulnerable (1,650 are not vulnerable and 1,955 did not respond to our scans)
- 3,410 out of 5,457 Cisco RV325 routers scanned are vulnerable (1,027 are not vulnerable and 1,020 did not respond to our scans)
Unlock access to the largest independent learning library in Tech for FREE!
Get unlimited access to 7500+ expert-authored eBooks and video courses covering every tech area you can think of.
Renews at €18.99/month. Cancel anytime
Source: Bad packets report
This vulnerability also affects Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers running Firmware Releases 1.4.2.15 and 1.4.2.17. Cisco has also released firmware updates to address this vulnerability. However, they mention, there are no workarounds that address this vulnerability.
To know about this news in detail, visit Cisco’s official website.
Cisco and Huawei Routers hacked via backdoor attacks and botnets
Dropbox purchases workflow and eSignature startup ‘HelloSign’ for $250M
Per the new GDC 2019 report, nearly 50% of game developers think game industry workers should unionize
United States
Great Britain
India
Germany
France
Canada
Russia
Spain
Brazil
Australia
Singapore
Hungary
Philippines
Mexico
Thailand
Ukraine
Luxembourg
Estonia
Lithuania
Norway
Chile
South Korea
Ecuador
Colombia
Taiwan
Switzerland
Indonesia
Cyprus
Denmark
Finland
Poland
Malta
Czechia
New Zealand
Austria
Turkey
Sweden
Italy
Egypt
Belgium
Portugal
Slovenia
Ireland
Romania
Greece
Argentina
Malaysia
South Africa
Netherlands
Bulgaria
Latvia
Japan
Slovakia
