Cisco warned that several routers in its Small Business series contain vulnerabilities that could give cybercriminals remote access. The models have reached end-of-life status, meaning no patches are available.
Cisco stated that the vulnerabilities affect its RV016, RV042, RV042G and RV082 routers. Exploits allow cybercriminals to bypass authentication, remotely access devices and issue arbitrary commands to the underlying operating systems.
Vulnerabilities
The first vulnerability, CVE-2023-20025, results from improper validation of user input in incoming HTTP packets. Cybercriminals can exploit the vulnerability by sending a modified HTTP request to the web-based interface of affected routers. This bypasses authentication and provides root access to the operating system.
The second vulnerability, CVE-2023-20026, ultimately results in the same outcome. Cybercriminals can gain root-level privileges and access unauthorized data. However, in this case, they must have management login credentials to do so.
Cisco said that there are no patches or workarounds available. The organization recommends users turn off remote physical management and block ports 443 and 60443, leaving the LAN interface available for safe access.
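One way to confirm the mitigation took effect is to probe both ports from a machine outside the LAN. The script below is an added example, not Cisco's tooling; the function names and the 192.0.2.1 address are placeholders chosen for illustration.

```python
import socket

# Ports named in the mitigation for the affected routers' web interface.
MGMT_PORTS = (443, 60443)

def probe(host, port, timeout=3.0, connect=socket.create_connection):
    """Return 'open', 'closed' (connection refused) or 'filtered' (no answer)."""
    try:
        conn = connect((host, port), timeout)
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except OSError:
        # Host or network unreachable and similar errors: nothing answered.
        return "filtered"
    conn.close()
    return "open"

def audit(host, ports=MGMT_PORTS, **kw):
    """Probe each management port; the mitigation holds only if none is open."""
    results = {p: probe(host, p, **kw) for p in ports}
    return results, all(state != "open" for state in results.values())

if __name__ == "__main__":
    import sys
    # Run from OUTSIDE the LAN against the router's WAN address.
    # 192.0.2.1 is a documentation placeholder (TEST-NET-1), not a real device.
    wan_addr = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.1"
    results, ok = audit(wan_addr)
    for port, state in results.items():
        print(f"{wan_addr}:{port} {state}")
    print("mitigation in place" if ok else "management interface still exposed")
    sys.exit(0 if ok else 1)
```

A result of "open" on either port means the web interface is still reachable from the WAN side; the same ports answering from inside the LAN is expected.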