Home > Cyber News > CVE-2019-1663: Critical Flaw in Cisco Wireless VPN and Firewall Routers
CYBER NEWS

CVE-2019-1663: Critical Flaw in Cisco Wireless VPN and Firewall Routers

by   |  Last Update:  |  0 Comments  

A new critical flaw, CVE-2019-1663, residing in Cisco wireless VPN and firewall routers was just reported. Businesses should update immediately to protect against the flaw.




More specifically, CVE-2019-1663 is a serious vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router. The exploit could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device.

According to the official advisory, the vulnerability is triggered by improper validation of user-supplied data in the web-based management interface.

The flaw could be exploited if an attacker sends malicious HTTP requests to a targeted device. As a result of this, the attacker could be able to execute arbitrary code as a high-privilege user.

With that in mind, customers with enabled remote-management feature, a feature which is typically disabled by default, are exposed to a remote attack.

Cisco Products Affected by CVE-2019-1663

The vulnerability affects all releases of the following Cisco products:

RV110W Wireless-N VPN Firewall
RV130W Wireless-N Multifunction VPN Router
RV215W Wireless-N VPN Router

The vulnerability has been fixed in RV110W Wireless-N VPN Firewall: 1.2.2.1, RV130W Wireless-N Multifunction VPN Router: 1.0.3.45, and RV215W Wireless-N VPN Router: 1.3.1.1.

To determine whether the remote management feature is enabled for a device, administrators can open the web-based management interface and choose Basic Settings and then Remote Management. If the Enable box is checked, remote management is enabled for the device, Cisco explains.

It’s not known whether the flaw was exploited in the wild. What is known is that Chinese security researchers revealed the bug during the GeekPwn Shanghai conference which took place in October, 2018. No workarounds are available for this vulnerability.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Related posts:
  1. Which Are the Most Secure Routers in 2017 *The data in this table may update every week because...
  2. Cisco Won’t Fix 68 Vulnerabilities in Some Small Business Routers Cisco’s Small Business RV110W, RV130, RV130W, and RV215W routers contain...
  3. CVE-2021-1609 and CVE-2021-1610 in Cisco Small Busines Routers, Patch Now Cisco released patches to fix several critical security vulnerabilities in...
  4. The Most Secure VPN Services (Update July 2020) RATING ENCRYPTION DNS Leak Protection LOGGING SERVERS 1 NordVPNSee Review...
  5. Router Security: 10 Simple Tips to Protect Yourself Routers are an important part of the communication network. This...
  6. Most Secure VPN for Turkey RATING ENCRYPTION DNS Leak Protection LOGGING SERVERS 1 Hotspot ShieldSee...
  7. Most Secure VPNs for USA (2021) RATING ENCRYPTION DNS Leak Protection LOGGING SERVERS 1 Hotspot ShieldSee...
  8. Top Logless VPN Services in 2018 RATING ENCRYPTION DNS Leak Protection LOGGING SERVERS 1 NordVPNSee Review...

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree