Critical Vulnerabilities Allow Hacking of Cisco Small Business Routers


Updates released by Cisco for some of its small business routers patch serious vulnerabilities that could allow threat actors to take control of affected devices.

Three vulnerabilities have been identified by external researchers in Cisco’s RV160, RV260, RV340, and RV345 series VPN routers. An unauthenticated attacker could exploit the flaws remotely for arbitrary code execution and denial-of-service (DoS) attacks.

Two of the vulnerabilities have been assigned a ‘critical’ severity rating. One of them, CVE-2022-20842, affects the routers’ web-based management interface and is caused by insufficient user input validation. An attacker can exploit the weakness by sending specially crafted HTTP requests to the targeted device. Successful exploitation can result in arbitrary code being executed on the underlying operating system (OS) with root privileges, or the targeted device entering a DoS condition.

The second critical security hole, CVE-2022-20827, affects the routers’ web filter database update feature. Specially crafted requests aimed at ...


Copyright of this story solely belongs to SecurityWeek.