A new critical flaw, CVE-2019-1663, residing in Cisco wireless VPN and firewall routers was just reported. Businesses should update immediately to protect against the flaw.
More specifically, CVE-2019-1663 is a serious vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router. The exploit could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device.
According to the official advisory, the vulnerability is triggered by improper validation of user-supplied data in the web-based management interface.
The flaw could be exploited if an attacker sends malicious HTTP requests to a targeted device. As a result of this, the attacker could be able to execute arbitrary code as a high-privilege user.
With that in mind, customers with enabled remote-management feature, a feature which is typically disabled by default, are exposed to a remote attack.
Cisco Products Affected by CVE-2019-1663
The vulnerability affects all releases of the following Cisco products:
RV110W Wireless-N VPN Firewall
RV130W Wireless-N Multifunction VPN Router
RV215W Wireless-N VPN Router
The vulnerability has been fixed in RV110W Wireless-N VPN Firewall: 188.8.131.52, RV130W Wireless-N Multifunction VPN Router: 184.108.40.206, and RV215W Wireless-N VPN Router: 220.127.116.11.
To determine whether the remote management feature is enabled for a device, administrators can open the web-based management interface and choose Basic Settings and then Remote Management. If the Enable box is checked, remote management is enabled for the device, Cisco explains.
It’s not known whether the flaw was exploited in the wild. What is known is that Chinese security researchers revealed the bug during the GeekPwn Shanghai conference which took place in October, 2018. No workarounds are available for this vulnerability.