Some Security Fixes for Your Cisco Routers… No, Not Yours, Just Others
Cisco decided to give us a good start to the week by providing details on five critical bugs affecting four router models, including three of the highest severity bugs. The problem is not so much that they informed us, the problem lies in the fact that they have not yet offered fixes for two of the four affected models.
The specific routers are the RV160, RV260, RV340, and RV345 and if you have one of the latter two on your network, you should apply the security patches. If you’re using an RV160 or RV260, so far the advice is to turn them off and hurry to wait. The three top-rated vulnerabilities cover everything, with remote code execution, elevation of privilege, and command injection all currently possible. All of this is possible without physical access to your hardware, all can be done over HTTPS or by submitting commands over the network.
According to a report The Register has seen, there are “at least 8,400 publicly available Cisco routers” that are unpatched for these flaws, but the good news is that although proof-of-concept exists, the Shodan analysis from security firm Tenable showed no signs of published exploits. to the usual deposits.