
RCE Bug found in Multiple Cisco Small Business Routers

Cisco will not fix the (CVE-2022-20825) RCE zeroday vulnerability in Small Business Routers

Cisco Router Zeroday RCE Vulnerability

Recently, Cisco issued a security advisory that fixes multiple vulnerabilities in several small business routers. A vulnerability exists in the web-based management interface of four Small Business RV Series models, namely the RV110W, RV130, RV130W, and RV215W routers.

The vulnerability allows an unauthenticated remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition. Users are advised to upgrade to the latest security version as soon as possible.

The vulnerability is tracked as CVE-2022-20825 and has a CVSS severity rating of 9.8 out of 10.0.

The vulnerability is caused by insufficient validation of user input in incoming HTTP packets, which an attacker could exploit by sending a crafted request to the web-based management interface. Successful exploitation could allow the attacker to execute arbitrary commands on an affected device with root-level privileges.

Impact and Mitigation

The vulnerability impacts four Small Business RV Series models:

  • RV110W Wireless-N VPN Firewall
  • RV130 VPN Router
  • RV130W Wireless-N Multifunction VPN Router
  • RV215W Wireless-N VPN Router

The web management interface for these devices is available over a local LAN connection, which cannot be disabled, or over a WAN connection if remote management is enabled. By default, remote management is disabled on these devices.

To determine if the remote management feature is enabled on the device, open the web-based management interface and select Basic Settings > Remote Management. The vulnerability may exist if the Enable checkbox is checked, i.e. remote management is enabled on the device.

Cisco states that they will not be releasing a security update to address CVE-2022-20825 as the devices are no longer supported. Furthermore, there are no mitigations available other than to turn off remote management on the WAN interface, which should be done regardless for better overall security.
