Zero-day vulnerability affects Cisco small business routers

August 23, 2021

A vulnerability in the Universal Plug-and-Play (UPnP) service of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition.

This vulnerability is due to improper validation of incoming UPnP traffic. An attacker could exploit this vulnerability by sending a crafted UPnP request to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a DoS condition.

This vulnerability affects the following Cisco Small Business RV Series Routers if they have UPnP configured:

RV110W Wireless-N VPN Firewalls
RV130 VPN Routers
RV130W Wireless-N Multifunction VPN Routers
RV215W Wireless-N VPN Routers

Cisco has not and will not release software updates to address this vulnerability, as "there are no workarounds that address this vulnerability," Cisco says. However, administrators may disable the affected feature.

"The new UPnP vulnerabilities found in the Cisco Small Business line of routers should be taken seriously by network security teams. Exposure should be identified and prioritized based on contextualized business risk," says Yaniv Bar-Dayan, CEO and co-founder at Vulcan Cyber, a provider of SaaS for enterprise cyber risk remediation. "Based on this measure of risk, steps to mitigate the threat should be taken to protect the business."

Zach Varnell, Senior AppSec Consultant at nVisium, a Falls Church, Virginia-based application security provider, explains, "These are very popular Cisco devices, and it's extremely common for said devices to rarely — or never — receive updates. Users tend to want to leave well enough alone and not touch a device that's been working well — including when it needs important updates. Many times, users also take advantage of plug-and-play functionality, so they do very little or zero configuration changes, leaving the device at its default status and ultimately vulnerable."

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.

Security Operations Centers (SOCs) are a crucial component of safety and security culture. They support many strategic business objectives, from lowering costs and minimizing risk to improving employee trust and morale.

Poll

Business Travel Security

View Results

Poll Archive

Products

Effective Security Management, 7th Edition

Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics.

See More Products

Zero-day vulnerability affects Cisco small business routers

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.

Zero-day vulnerability affects Cisco small business routers

Related Articles

Get our new eMagazine delivered to your inbox every month.

Stay in the know on the latest enterprise risk and security industry trends.