Multiple Security Issues Detected In Cisco Small Business Routers – Update Now!

11 months ago
in bug

Researchers have reported numerous security issues in multiple Cisco Small Business Routers. Since the vendor has now fixed the flaws, users must quickly update their devices to the latest firmware.

Cisco Small Business Routers Security Issues

As confirmed by Cisco in an advisory, Cisco Small Business Routers exhibited numerous security issues. Cisco learned of these issues through reports from the security researchers who found the flaws.

Specifically, three major security glitches were discovered in the Cisco RV320 and RV325 Dual Gigabit WAN VPN Routers firmware.

One of these problems was the presence of static certificates and keys. According to the advisory,

Two static X.509 certificates with the corresponding public/private key pairs and one static Secure Shell (SSH) host key were found in the firmware for Cisco RV320 and RV325 Dual Gigabit WAN VPN Routers.
However, all three certificates were intended only for testing purposes. The developers inadvertently shipped them with the firmware.

The other major vulnerability in these routers was the presence of hardcoded password hashes.

The /etc/shadow file included in the firmware for Cisco RV320 and RV325 Dual Gigabit WAN VPN Routers has a hardcoded password hash for the root user.
Anyone with access to the base operating system could easily gain root access on the target device by exploiting this flaw.

Cisco also disclosed similar issues affecting the RV016, RV042, RV042G, and RV082 Routers in another informational advisory.
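
A defender's check for the two issues described above, as an added example (not code from Cisco, the researchers, or this post): it walks an unpacked firmware root filesystem and reports PEM private keys and usable password hashes in etc/shadow. The sample tree, file names and placeholder values are constructed; keys stored in non-PEM formats are out of scope for this sketch.

```python
import os
import re
import tempfile

# Matches PEM headers such as "BEGIN PRIVATE KEY", "BEGIN RSA PRIVATE KEY", "BEGIN OPENSSH PRIVATE KEY".
PEM_KEY = re.compile(rb"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")

def shadow_hashes(path):
    """Return accounts in a shadow file whose password field holds a usable hash."""
    accounts = []
    with open(path, "r", errors="replace") as fh:
        for line in fh:
            fields = line.rstrip("\n").split(":")
            # "!" / "*" prefixes mean the account is locked; an empty field holds no hash.
            if len(fields) > 1 and fields[1] and not fields[1].startswith(("!", "*")):
                accounts.append(fields[0])
    return accounts

def audit_rootfs(root):
    """Walk an unpacked firmware tree and return sorted (kind, relative path, detail) tuples."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # skip symlinks and device nodes left over from extraction
            if rel == os.path.join("etc", "shadow"):
                for user in shadow_hashes(full):
                    findings.append(("password-hash", rel, user))
            with open(full, "rb") as fh:
                if PEM_KEY.search(fh.read()):
                    findings.append(("private-key", rel, "PEM private key"))
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree; the key body and hash are placeholders, not real values."""
    os.makedirs(os.path.join(root, "etc", "ssl"))
    with open(os.path.join(root, "etc", "shadow"), "w") as fh:
        fh.write("root:$1$SALT$PLACEHOLDERHASH:0:0:99999:7:::\n")
        fh.write("nobody:*:0:0:99999:7:::\n")
    with open(os.path.join(root, "etc", "ssl", "test.pem"), "w") as fh:
        fh.write("-----BEGIN RSA PRIVATE KEY-----\nPLACEHOLDER\n-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for finding in audit_rootfs(tmp):
            print(*finding, sep="\t")
```

Run against a vendor image after unpacking it, any finding means the same credential or key ships on every device running that firmware and should be treated as public.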

Cisco Patched The Flaws

Apart from the two security issues discussed above, Cisco also addressed numerous vulnerabilities affecting third-party software (TPS) components. These vulnerabilities existed in the firmware of all these routers.

With regard to Cisco RV320 and RV325 routers, the firm has fixed the vulnerabilities and other issues with the firmware version

For the RV042 and RV042G routers, Cisco rolled out the patches with firmware version and later. However, the RV016 and RV082 routers have reached end of life.

Alongside patching the flaws, Cisco also acknowledged the researchers Stefan Viehböck and Thomas Weber of SEC Consult/IoT Inspector for reporting the bugs.

Let us know your thoughts in the comments.
