Cisco has rolled out fixes for multiple critical vulnerabilities in the web-based management interface of Small Business routers that could potentially allow an unauthenticated, remote attacker to execute arbitrary code as the root user on an affected device.
The flaws, tracked from CVE-2021-1289 through CVE-2021-1295 (CVSS score 9.8), impact RV160, RV160W, RV260, RV260P, and RV260W VPN routers running a firmware release earlier than Release 1..01.02.
Along with the aforementioned vulnerabilities, patches have also been released for two more arbitrary file write flaws (CVE-2021-1296 and CVE-2021-1297) affecting the same set of VPN routers that could have made it possible for an adversary to overwrite arbitrary files on the vulnerable system.
All nine security issues were reported to the networking equipment maker by security researcher Takeshi Shiomitsu, who has previously uncovered similar critical flaws in RV110W, RV130W, and RV215W Routers that could be leveraged for remote code execution (RCE) attacks.
Although exact details of the vulnerabilities are still unclear, Cisco said the following about the flaws:
- CVE-2021-1289, CVE-2021-1290, CVE-2021-1291, CVE-2021-1292, CVE-2021-1293, CVE-2021-1294, and CVE-2021-1295 are a result of improper validation of HTTP requests, allowing an attacker to send a specially crafted HTTP request to the web-based management interface and achieve RCE.
- CVE-2021-1296 and CVE-2021-1297 are due to insufficient input validation, allowing an attacker to exploit these flaws using the web-based management interface to upload a file to a location that they should not have access to.
Separately, another set of five flaws (CVE-2021-1314 through CVE-2021-1318) in the web-based management interface of Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 routers could have granted an attacker the ability to inject arbitrary commands on the routers that are executed with root privileges.
Lastly, Cisco also addressed 30 additional vulnerabilities (CVE-2021-1319 through CVE-2021-1348), affecting the same set of products, that could allow an authenticated, remote attacker to execute arbitrary code and even cause a denial-of-service condition.
“To exploit these vulnerabilities, an attacker would have to have valid administrator credentials on the affected system,” Cisco said in an advisory published on February 3.
Kai Cheng from the Institute of Information Engineering, which is part of the Chinese Academy of Sciences, has been credited with reporting the 35 flaws in the router management interface.
The company also noted there’s been no evidence of active exploitation attempts in the wild for any of these flaws, nor are there any workarounds that address the vulnerabilities.