Users of Cisco's RV series of small to medium-sized business routers are advised to patch their equipment urgently to fix multiple critical vulnerabilities.
The vulnerabitilies allow attackers to run arbitrary code and commands on the routers, as well bypass user authentication and cause denial-of-service scenarios.
Attackers can also elevate user privileges and fetch and run unsigned software by exploiting the vulnerabilities, Cisco said.
Three of the vulnerabilities are rated at the full 10.0 on the Common Vulnerabilities Scoring System (CVSS).
Cisco said the following routers need patching:
- RV160 VPN
- RV160W Wireless-AC VPN
- RV260 VPN
- RV260P VPN routers with PoE
- RV260W Wireless-AC VPN
- RV340 Dual WAN Gigabit VPN
- RV340W Dual WAN Gigabit Wireless-AC VPN
- RV345 Dual WAN Gigabit VPN
- RV345P Dual WAN Gigabit POE VPN
In addition, the RV340, RV340W, RV345 and RV345P devices also contain some of the vulnerabilities in Cisco's security advisory, and need patching.
No workarounds are available for the vulnerabilities, Cisco said.