Advisory ID: NCC-CSIRT-1601-003
Summary: There are multiple vulnerabilities in the web-based management interface of Cisco Small Business (SMB) routers that have reached end-of-life (the routers no longer receive security updates). Successful exploitation of these vulnerabilities could allow a remote attacker to bypass authentication or execute arbitrary commands on the underlying operating system of an affected device. Additionally, attackers might intercept or hijack virtual private network (VPN) and session traffic passing through the device, obtain access to a company's network, or run malware such as botnet clients, crypto-miners, or other malicious software.
Vulnerable Platform(s): Operating systems
Threat Type:
- Vulnerability
Product: Cisco Routers
Version: All versions of the RV016 Multi-WAN VPN Routers, RV042 Dual WAN VPN Routers, RV042G Dual Gigabit WAN VPN Routers, and RV082 Dual WAN VPN Routers
Description: The first vulnerability is a critical-rated authentication bypass. The vulnerability exists because user input within incoming HTTP packets is not properly validated, allowing an attacker to send crafted HTTP requests to the web-based management interface of the targeted router to bypass authentication and gain root access to the underlying operating system.
The second vulnerability is remote command execution. Like the first vulnerability, it results from improper validation of user input within incoming HTTP packets. To exploit this vulnerability, an attacker would need valid administrative credentials on the affected device. A successful exploit could allow the attacker to gain root-level privileges and access unauthorized data.
Consequences:
Attackers could take full control of a target device and run commands with root privileges.
Impact/Probability: CRITICAL/HIGH
Solution:
There are no workarounds that address the vulnerabilities so far. However, according to Cisco, a possible mitigation is to disable remote management of the routers and block access to ports 443 and 60443. This means that the routers would only be accessible through the LAN interface.
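To confirm that the mitigation above has taken effect, a defender can probe the router's WAN-facing address from outside the LAN and verify that neither management port accepts a TCP connection. The following script is an added example written for this advisory; it is not Cisco's tooling and is not part of the advisory itself. The host 192.0.2.1 is a placeholder from the documentation address range, and the `probe` parameter exists only so the decision logic can be exercised without network access.

```python
import socket
from typing import Callable, Dict, Iterable

# Ports used by the web-based management interface, as named in the advisory.
MANAGEMENT_PORTS = (443, 60443)


def tcp_port_open(host: str, port: int, timeout: float = 3.0) -> bool:
    """Return True if a TCP handshake to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Connection refused, filtered (timeout), unreachable: all count as "not open".
        return False


def check_management_exposure(
    host: str,
    ports: Iterable[int] = MANAGEMENT_PORTS,
    probe: Callable[[str, int], bool] = tcp_port_open,
) -> Dict[int, bool]:
    """Probe each management port and report which ones are reachable."""
    return {port: probe(host, port) for port in ports}


def is_exposed(results: Dict[int, bool]) -> bool:
    """The device is still exposed if any management port answers from the WAN side."""
    return any(results.values())


if __name__ == "__main__":
    import sys

    # Placeholder WAN address (documentation range); pass the real one on the command line.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.1"
    results = check_management_exposure(target)
    for port, reachable in results.items():
        print(f"{target}:{port} -> {'OPEN' if reachable else 'closed/filtered'}")
    if is_exposed(results):
        print("Remote management is still reachable; the mitigation is not in place.")
    else:
        print("No management port reachable from this vantage point.")
```

Run the script from a host outside the LAN (for example, a machine on the internet side of the router); a check from inside the LAN says nothing about WAN exposure, because the mitigation deliberately leaves the interface reachable there.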