Critical vulnerabilities in Cisco’s SMB routers
The web interface of the Cisco RV series routers allows various unauthenticated actions – updates turn this off.
Cisco’s RV series routers are often used as firewalls, VPN servers and WLAN access points, especially in small and medium-sized companies. Management is via a web interface. If you can “talk” to this, you may not even need access data to take complete control of the device. Cisco is delivering updates to fix this.
The vulnerabilities specifically affect the Cisco RV160, RV260, RV340, and RV345 series small business routers. The worst of these (CVE-2022-20842) allows the attacker to inject their own code into the device and run it as root. With a CVSS score of 9.8, it rightly ranks very high on the scale, which reaches a maximum of 10. But the other two vulnerabilities (CVE-2022-20827 and CVE-2022-20841) are only slightly behind at 9.0 and 8.3.
Cisco provides updates for the affected systems and strongly recommends that administrators install them quickly. According to the Cisco advisory, there are no workarounds. This is the second time since February that these devices have been affected by critical vulnerabilities this year.