Cisco Small Business VPN Router Vulnerabilities

Cisco addressed multiple pre-auth remote code execution (RCE) flaws in its small business VPN routers, the most severe of which could allow arbitrary code execution as the root user of an affected device.

Tracked as CVE-2021-1289, CVE-2021-1290, CVE-2021-1291, CVE-2021-1292, CVE-2021-1293, CVE-2021-1294, and CVE-2021-1295, the vulnerabilities exists due to improper validation of HTTP requests to the web-based management interfaces of the affected devices. An attacker can exploit the flaws by sending a crafted HTTP request to the web-based management interface of affected devices. Successful exploitation could allow the attacker to remotely execute arbitrary code on the device.

___________________________________

A. Nature of the Vulnerabilities

Vulnerable Cisco Small Business RV Series Routers are as follows:

RV160 VPN Router
RV160W Wireless-AC VPN Router
RV260 VPN Router
RV260P VPN Router with POE
RV260W Wireless-AC VPN Router

___________________________________

B. Actions to be Taken

CERT-PH recommends the following actions be taken:

Immediately test and apply the corresponding patched versions of the affected Cisco products. (https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv160-260-rce-XZeFkNHf)