Cisco has rolled out fixes for multiple critical vulnerabilities in the web-based management interface of Small Business routers that could allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device.
The flaws, tracked from CVE-2021-1289 through CVE-2021-1295 (CVSS score 9.8), impact RV160, RV160W, RV260, RV260P, and RV260W VPN routers running a firmware release earlier than Release 1.0.01.02.
Along with the aforementioned three vulnerabilities, patches have also been released for two more arbitrary file write flaws (CVE-2021-1296 and CVE-2021-1297) affecting the same set of VPN routers that could have made it possible for an adversary to overwrite arbitrary files on the vulnerable system.
All nine security issues were reported to the networking equipment maker by security researcher Takeshi Shiomitsu, who has previously uncovered similar critical flaws in RV110W, RV130W, and RV215W routers that could be leveraged for remote code execution (RCE) attacks.
While exact specifics of the vulnerabilities are still unclear, Cisco said the flaws:
- CVE-2021-1289, CVE-2021-1290, CVE-2021-1291, CVE-2021-1292, CVE-2021-1293, CVE-2021-1294, and CVE-2021-1295 are a result of improper validation of HTTP requests, allowing an attacker to send a specially crafted HTTP request to the web-based management interface and achieve RCE.
- CVE-2021-1296 and CVE-2021-1297 are due to insufficient input validation, permitting an attacker to exploit these flaws using the web-based management interface to upload a file to a location that they should not have access to.
Separately, another set of five glitches (CVE-2021-1314 through CVE-2021-1318) in the web-based management interface of Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 routers could have granted an attacker the ability to inject arbitrary commands on the routers that are executed with root privileges.
Lastly, Cisco also addressed 30 additional vulnerabilities (CVE-2021-1319 through CVE-2021-1348), affecting the same set of products, that could allow an authenticated, remote attacker to execute arbitrary code and even cause a denial-of-service condition.
“To exploit these vulnerabilities, an attacker would need to have valid administrator credentials on the affected device,” Cisco said in an advisory published on February 3.
Kai Cheng from the Institute of Information Engineering, which is part of the Chinese Academy of Sciences, has been credited with reporting the 35 flaws in the router management interface.
The company also noted there’s been no evidence of active exploitation attempts in the wild for any of these flaws, nor are there any workarounds that address the vulnerabilities.