Potential vulnerabilities in Cisco’s small business routers could allow a remote attacker to obtain sensitive diagnostic data from the devices. Cisco, the networking hardware company, stated that the issue existed in its RV320 and RV325 Dual Gigabit WAN VPN business routers.
According to RedTeam Pentesting, a Germany-based security firm, the discovered vulnerabilities are located in the routers’ web-based management interface and can be exploited remotely.
The researchers at RedTeam stated that one flaw, CVE-2019-1652, allows attackers with administrative privileges on an affected device to execute arbitrary commands on the system. Another flaw, CVE-2019-1653, allows intruders to retrieve sensitive information, including the router’s configuration file containing MD5-hashed credentials and diagnostic information. According to the researchers, approximately 9,657 Cisco routers (6,247 RV320 and 3,410 RV325) worldwide are vulnerable to the information disclosure.
Cisco stated that it has released firmware updates to patch the vulnerabilities and advised users to install the updates to prevent the risks.
“A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands,” Cisco stated in a post. “The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious HTTP POST requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux shell as root.”
Cisco faced a similar issue last year, when a flaw in its Smart Install Client routers was misused by a group of cyber miscreants to bring down internet services on a global scale. Over 200,000 router switches across the world were affected by this attack, of which 3,500 were in Iran. According to Iran’s IT Minister Mohammad Javad Azari-Jahromi, Europe, India, and the U.S. were among those affected by the attack. The screens of the hacked machines displayed an image of the U.S. flag with the message “Don’t mess with our elections.”