Cisco patches router firmware as exploit attempts appear

Over 100 vulnerable hosts detected in Australia.

Cisco has released firmware upgrades for two small business routers to address vulnerabilities that could allow attackers to take control of the boxes.

Aside from upgrading the device firmware, the network equipment maker said there were “no workarounds” available.

The issue affects RV320 and RV325 dual gigabit WAN VPN routers running firmware releases 1.4.2.15 and 1.4.2.17, according to an advisory.

The vulnerability is in the “web-based management interface” used for the routers.

“The vulnerability is due to improper access controls for URLs,” Cisco said.

“An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs.

“A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information.”

Security research firm Bad Packets said it had found 9,657 routers worldwide that were vulnerable.

It has incorporated these into an interactive map; most are in the United States, but Bad Packets found 109 vulnerable hosts in Australia and two vulnerable hosts in New Zealand.

Bad Packets said it had detected opportunistic scans for vulnerable routers from Saturday Australian time, and noted that a proof-of-concept had also been published that showed it was possible to use the exploits to take full control of the routers.

Copyright © iTnews.com.au. All rights reserved.