These router vulnerabilities were discovered in September 2018. About four months later, in January 2019, Cisco issued firmware updates meant to fix them, and businesses were initially told that installing those updates was the right thing to do to protect the affected devices. It has now emerged that the patch merely blacklists curl, a command-line tool for transferring data over the internet that is also built into many internet-wide scanners: requests whose User-Agent header identifies curl are rejected, which was evidently intended to keep attackers away from the devices rather than to remove the vulnerable code.
Cisco's RV320 product page reads, "Keep your employees, your business, and yourself productive and effective. The Cisco RV320 Dual Gigabit WAN VPN Router is an ideal choice for any small office or small business looking for performance, security, and reliability in its network." Around 10,000 of these devices are still accessible online and remain vulnerable to attack, because Cisco's patch only blacklists curl's User-Agent string, which turned out to be a major problem.
In January this year, security researcher David Davidson published a proof-of-concept exploit for two vulnerabilities in the Cisco RV320 and RV325 routers. The two flaws Cisco patched were:
- A command injection flaw that allows remote attackers to inject and run admin commands on the device without authenticating.
- An information disclosure flaw that allows remote attackers to retrieve sensitive device configuration details without authenticating.
But it seems that instead of fixing the vulnerable code in the firmware, Cisco simply blacklisted curl's User-Agent string: requests whose User-Agent header identifies curl are rejected, while the vulnerable code itself is left in place.
https://twitter.com/bad_packets/status/1110981011523977217
Many in the security community were surprised by this finding and pointed out that such a patch is trivially bypassed: the User-Agent header is fully under the attacker's control, so an attacker simply sends a different one.
https://twitter.com/hrbrmstr/status/1110995488235503616
https://twitter.com/tobiasz_cudnik/status/1111068710360485891
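To make concrete why a User-Agent blacklist is not a fix, here is a small added example (not code from the original article, and not Cisco's firmware) that models the two approaches side by side: a handler that rejects requests whose User-Agent mentions curl, and a handler that demands an authenticated session before doing anything privileged. The endpoint path, the request model and the handler names are hypothetical.

```python
"""Model of a User-Agent blacklist "fix" versus a real authorization check.

The Request class, the /cgi-bin/admin path and both handlers are constructed
for illustration only; they are not taken from any router firmware.
"""
from dataclasses import dataclass, field

# What a User-Agent blacklist amounts to: a list of client names to refuse.
BLOCKED_AGENTS = ("curl",)


@dataclass
class Request:
    path: str
    headers: dict = field(default_factory=dict)
    # In a real device this would be derived from a valid session cookie.
    authenticated: bool = False


def ua_blacklist_handler(req: Request) -> int:
    """The blacklist approach: refuse only clients that announce themselves
    as curl. Returns an HTTP status code. Any other client, authenticated or
    not, still reaches the privileged code path."""
    ua = req.headers.get("User-Agent", "").lower()
    if any(name in ua for name in BLOCKED_AGENTS):
        return 403
    return 200  # privileged action performed without any authentication


def auth_handler(req: Request) -> int:
    """The proper approach: the privileged endpoint requires an authenticated
    session. The User-Agent header plays no role in the decision."""
    if not req.authenticated:
        return 401
    return 200


def probe(handler, user_agent: str, authenticated: bool = False) -> int:
    """Send one request with the given User-Agent to a handler and return
    the status code it produces."""
    req = Request("/cgi-bin/admin", {"User-Agent": user_agent}, authenticated)
    return handler(req)


def bypass_demonstration() -> dict:
    """Run the same three unauthenticated clients against both handlers.
    Only the blacklist handler lets the renamed clients through."""
    clients = {
        "curl default": "curl/7.64.0",
        "curl with -A": "Mozilla/5.0 (X11; Linux x86_64)",
        "python-requests": "python-requests/2.21.0",
    }
    return {
        name: (probe(ua_blacklist_handler, ua), probe(auth_handler, ua))
        for name, ua in clients.items()
    }


if __name__ == "__main__":
    for name, (blacklist_status, auth_status) in bypass_demonstration().items():
        print(f"{name:16} blacklist={blacklist_status} auth={auth_status}")
```

Against the blacklist handler, only the client that keeps curl's default User-Agent is refused; the same request sent with `curl -A "Mozilla/5.0 ..."`, or from any other HTTP client, goes straight through. Against the authentication handler every unauthenticated request is refused regardless of which tool sent it, which is the property a patch for an unauthenticated command execution or information disclosure flaw actually has to provide.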
To know more about this news, check out RedTeam Pentesting’s post.