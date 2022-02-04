Users of Cisco's RV series of small to medium-sized business routers are advised to patch their equipment urgently to fix multiple critical vulnerabilities.

The vulnerabitilies allow attackers to run arbitrary code and commands on the routers, as well bypass user authentication and cause denial-of-service scenarios.

Attackers can also elevate user privileges and fetch and run unsigned software by exploiting the vulnerabilities, Cisco said.

Cisco has released patches for critical severity vulnerabilities affecting RV Series Routers. Read more at https://t.co/CgL7mAccYo. #Cybersecurity #InfoSec — US-CERT (@USCERT_gov) February 3, 2022

Three of the vulnerabilities are rated at the full 10.0 on the Common Vulnerabilities Scoring System (CVSS).

Cisco said the following routers need patching:

RV160 VPN

RV160W Wireless-AC VPN

RV260 VPN

RV260P VPN routers with PoE

RV260W Wireless-AC VPN

RV340 Dual WAN Gigabit VPN

RV340W Dual WAN Gigabit Wireless-AC VPN

RV345 Dual WAN Gigabit VPN

RV345P Dual WAN Gigabit POE VPN

In addition, the RV340, RV340W, RV345 and RV345P devices also contain some of the vulnerabilities in Cisco's security advisory, and need patching.

No workarounds are available for the vulnerabilities, Cisco said.