iTnews

Cisco patches router firmware as exploit attempts appear

By Ry Crozier on Jan 28, 2019 12:17PM

Over 100 vulnerable hosts detected in Australia.

Cisco has released firmware upgrades for two small business routers to address vulnerabilities that could allow attackers to take control of the boxes.

Aside from upgrading the device firmware, the network equipment maker said there were “no workarounds” available.

The issue affects RV320 and RV325 dual gigabit WAN VPN routers running firmware releases 1.4.2.15 and 1.4.2.17, according to an advisory.

The vulnerability is in the “web-based management interface” used for the routers.

“The vulnerability is due to improper access controls for URLs,” Cisco said.

“An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and requesting specific URLs.

“A successful exploit could allow the attacker to download the router configuration or detailed diagnostic information.”

Security research firm Bad Packets said it had found 9,657 routers worldwide that were vulnerable.

It has incorporated these into an interactive map; most are in the United States, but Bad Packets found 109 vulnerable hosts in Australia and two vulnerable hosts in New Zealand.

Bad Packets said it had detected opportunistic scans for vulnerable routers from Saturday Australian time, and noted that a proof-of-concept had also been published that showed it was possible to use the exploits to take full control of the routers.
