The Cybersecurity Daily News

Cisco Won’t Release Security Fix For Critical RCE Bug-Plagued Devices


CyberDaily: Cybersecurity news

In the latest developments, networking hardware and IT company Cisco Systems, Inc. has detected a critical security vulnerability in its Small Business routers for which it does not intend to release a security patch.

A critical security vulnerability:

The Cisco Small Business router line is a range of organization-focused routers deployed by small enterprises and businesses to supply and maintain internet services and traffic.

The bug in these routers is an RCE vulnerability, i.e., a remote code execution vulnerability.

Tracked as CVE-2021-1459, the RCE bug carries a critical severity rating of 9.8 on the CVSS scale.

The RCE bug allows an unauthenticated, remote attacker to execute arbitrary code on an affected router.

The bug is a consequence of improper validation of user-supplied input in the web-based management interface. 

An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device. 

The vulnerability currently impacts the Cisco RV110W VPN firewall and the Small Business RV130, RV130W, and RV215W routers.

Security advisory from Cisco:

Cisco has since released a security advisory addressing the vulnerability.

“A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the affected device,” notes Cisco in the advisory.

A security researcher named Treck Zhou reported the critical vulnerability.

Cisco has stated that there are currently no reported cases of active exploitation of the RCE vulnerability in the wild.

As a result, the company will not release any security fixes or workarounds for the devices affected by the RCE vulnerability.

The company based this decision on the fact that the impacted devices have reached end-of-life, and it has recommended that customers migrate.
