Cisco has warned of two security vulnerabilities affecting its End-of-Life (EoL) Small Business RV016, RV042, RV042G, and RV082 routers, but they have been subject to proof-of-concept (PoC) exploits.
The issue is rooted in the router’s web-based management interface, allowing a remote adversary to bypass authentication and execute malicious commands on the underlying operating system.
The most severe of the two, CVE-2023-20025 (CVSS score: 9.0), is the result of improper validation of user input within incoming HTTP packets.
An attacker could remotely exploit this by sending a specially crafted HTTP request to a vulnerable router’s web-based management interface to bypass authentication and gain elevated permissions. I have.
Lack of proper validation was also the reason behind the second flaw tracked as CVE-2023-20026 (CVSS score: 6.5), where an attacker with valid administrator credentials could gain root-level privileges. , allowing access to unauthorized data.
“Cisco has not released and does not plan to release software updates to address these vulnerabilities,” the company said. “The Cisco Small Business RV016, RV042, RV042G, and RV082 routers have entered the end-of-life process.”
As a workaround, administrators are advised to disable remote administration and block access to ports 443 and 60443. [of the mitigation] in its own environment and in its own conditions of use. ”
Hou Liuyang of Qihoo 360 Netlab is credited for discovering this flaw and reporting it to Cisco.
The network equipment giant also said it was aware of the PoC code in the wild, but had not confirmed that the vulnerability had been exploited in an actual attack.
