Cisco Small Business Routers plagued by several critical flaws

Pierluigi Paganini August 04, 2016

Security experts have uncovered several critical flaws in Cisco Small Business Routers that in some cases could result in the take over of the device

Security experts Adam Zielinski and Harri Kuosmanen reported to CISCO several critical and high severity flaws in the CISCO Small Business Routers.

According to CISCO, the CVE-2015-6397 flaw affects RV series routers, the RV110W, RV130W and RV215W model include a default account that can be exploited by attackers to gain root access to the device. In a secure environment, a default account should normally have least privileges, but in Cisco Small Business Routers belonging the RV series it has root privileges.

“A vulnerability in the default account when used with a specific configuration of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and the Cisco RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to gain root access to the device. The account could incorrectly be granted root privileges at authentication time.” states the security advisory published by CISCO.

Cisco also issued another security advisory about a critical vulnerability (CVE-2016-1430) affecting the RV180 and RV180W VPN routers. A remote authenticated attacker can exploit the flaw in the web interface  to execute arbitrary code with root privileges.

“A vulnerability in the web interface of the Cisco RV180 VPN Router and Cisco RV180W Wireless-N Multifunction VPN Router could allow an authenticated, remote attacker to execute arbitrary commands with root-level privileges.” states the advisory published by CISCO. 
“The vulnerability is due to improper input validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. An exploit could allow the attacker to execute arbitrary commands with root-level privileges.”

CISCO Cisco Small Business Routers

CISCO also confirmed that the RV180 and RV180W VPN routers are affected by a high severity vulnerability (CVE-2016-1429) that can be exploited by a remote attacker to perform a directory traversal and access arbitrary files on the system.

“A vulnerability in the web interface of the Cisco RV180 VPN Router and Cisco RV180W Wireless-N Multifunction VPN Router could allow an unauthenticated, remote attacker to access arbitrary files on the system. This vulnerability allows the attacker to perform directory traversal.” states CISCO. 
“The vulnerability is due to lack of proper input verification and sanitization of the user input directory path. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. An exploit could allow the attacker to read arbitrary files on the system that should be restricted.”

The bad news does not end there, the RV110W, RV130W, and RV215W routers are also affected by a medium severity command shell injection flaw that could be exploited by a local attacker to inject arbitrary shell commands.

Cisco has already released firmware updates for the address the flaws affecting RV110W, RV130W and RV215W routers. Unfortunately, CISCO will not issue release patches for the RV180 and RV180W models because they are no more available on the marker.

The good news is that CISCO is not aware of any attacks against its Cisco Small Business Routers involving the above vulnerabilities.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Cisco Small Business Routers, hacking)



you might also like

leave a comment