Multiple Security Issues Detected In Cisco Small Business Routers

Researchers have found numerous security issues in multiple Cisco Small Business Routers. Since the vendor has now fixed the flaws, users must quickly update their devices to the latest firmware.

Cisco Small Business Routers Security Issues

As confirmed by Cisco in an advisory, Cisco Small Business Routers exhibited numerous security issues. Cisco came to know of these issues via reports from security researchers who found the flaws.

Specifically, three major security glitches were discovered in the Cisco RV320 and RV325 Dual Gigabit WAN VPN Routers firmware.

One of these problems was the presence of static certificates and keys. According to the advisory,

Two static X.509 certificates with the corresponding public/private key pairs and one static Secure Shell (SSH) host key were found in the firmware for Cisco RV320 and RV325 Dual Gigabit WAN VPN Routers.

However, all three certificates were intended for testing purposes only. The developers inadvertently shipped them with the firmware.

The other major vulnerability in these routers was the presence of hardcoded password hashes.

The /etc/shadow file included in the firmware for Cisco RV320 and RV325 Dual Gigabit WAN VPN Routers has a hardcoded password hash for the root user.

Anyone with access to the base operating system could easily gain root access on the target device by exploiting this flaw.

Cisco also disclosed similar issues affecting the RV016, RV042, RV042G, and RV082 Routers in another informational advisory.
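
As an added example (not from Cisco's advisory or the original article), here is a check a firmware build pipeline could run over an unpacked root filesystem to catch both classes of issue described above: embedded private keys and login-capable entries in etc/shadow. The function names and the sample tree are constructed for illustration, and only PEM-encoded keys are matched.

```python
import os
import re
import tempfile
from pathlib import Path

# PEM header of an embedded private key (RSA, EC, OPENSSH, PKCS#8, ...).
PEM_KEY = re.compile(rb"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")


def audit_shadow(rootfs):
    """Return (user, finding) for accounts that ship with a usable credential."""
    shadow = Path(rootfs, "etc", "shadow")
    findings = []
    if shadow.is_file():
        for line in shadow.read_text(errors="replace").splitlines():
            fields = line.split(":")
            # A leading "!" or "*" means the account is locked or has no login.
            if len(fields) < 2 or fields[1].startswith(("!", "*")):
                continue
            kind = "hardcoded-hash" if fields[1] else "empty-password"
            findings.append((fields[0], kind))
    return findings


def find_private_keys(rootfs):
    """Return relative paths of regular files that contain a PEM private key."""
    hits = []
    for dirpath, _dirs, files in os.walk(rootfs):  # symlinked dirs not followed
        for name in files:
            path = Path(dirpath, name)
            if not path.is_symlink() and PEM_KEY.search(path.read_bytes()):
                hits.append(path.relative_to(rootfs).as_posix())
    return sorted(hits)


def build_sample_rootfs():
    """Constructed sample tree standing in for an unpacked firmware image."""
    root = Path(tempfile.mkdtemp(prefix="rootfs-"))
    (root / "etc" / "ssl").mkdir(parents=True)
    (root / "etc" / "shadow").write_text(
        "root:$1$CONSTRUCTED$placeholderhashvalue000:0:0:99999:7:::\n"
        "nobody:*:0:0:99999:7:::\n")
    (root / "etc" / "ssl" / "test.key").write_text(
        "-----BEGIN RSA PRIVATE KEY-----\nCONSTRUCTED\n-----END RSA PRIVATE KEY-----\n")
    return root


if __name__ == "__main__":
    sample = build_sample_rootfs()
    print(audit_shadow(sample), find_private_keys(sample))
```

Failing the build on any non-empty result keeps test keys and preset root credentials from reaching a release image.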

Cisco Patched The Flaws

Apart from the two security issues discussed above, Cisco also addressed numerous vulnerabilities affecting Third-party software (TPS) components. These vulnerabilities existed in the firmware of all these routers.

For the Cisco RV320 and RV325 routers, the firm has fixed the vulnerabilities and other issues in firmware version 1.5.1.05.

For the RV042 and RV042G routers, Cisco rolled out the patches with firmware version 4.2.3.10 and later. The RV016 and RV082 routers, however, have reached end of life.

Alongside patching the flaws, Cisco also acknowledged the researchers Stefan Viehböck and Thomas Weber of SEC Consult/IoT Inspector for reporting the bugs.

Let us know your thoughts in the comments.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world!