Cisco Releases Critical Security Update for Small Business RV Series Routers

Summary

The critical Cisco Security Advisory for Small Business RV Series Routers rates the combined vulnerabilities with a CVSSv3 score of 10.0.


Affected platforms

The following platforms are known to be affected:

  • Cisco Small Business RV Series VPN Router. Versions: RV160 and RV260 Series Routers – 1.0.01.05 and earlier
  • Cisco Dual WAN Gigabit VPN Router. Versions: RV340 and RV345 Series Routers – 1.0.03.24

The following platforms are also known to be affected:

Many Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers are affected by at least one of these vulnerabilities.

  • RV160 VPN Routers
  • RV160W Wireless-AC VPN Routers
  • RV260 VPN Routers
  • RV260P VPN Routers with PoE
  • RV260W Wireless-AC VPN Routers
  • RV340 Dual WAN Gigabit VPN Routers
  • RV340W Dual WAN Gigabit Wireless-AC VPN Routers
  • RV345 Dual WAN Gigabit VPN Routers
  • RV345P Dual WAN Gigabit POE VPN Routers

Threat details

Introduction

Cisco has released a critical security update to address vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers. The vulnerabilities could allow an attacker to perform remote code execution (RCE), escalate privileges, execute commands remotely, bypass authentication and authorisation protections, fetch and run unsigned software, and cause a denial-of-service condition.

A remote, unauthenticated attacker could exploit some of these vulnerabilities to take control of an affected system.


Remediation advice

Affected organisations are encouraged to review the following Cisco Security Advisory and apply the necessary updates or workarounds.


Remediation steps

Patch

Cisco Small Business RV Series Routers Vulnerabilities – cisco-sa-smb-mult-vuln-KA9PK6D

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D