Critical Flaws in Cisco SMB Routers
On Wednesday, August 3, Cisco released a security advisory warning of multiple vulnerabilities in some of its small business routers. The flaws affect the company’s RV160, RV260, RV340, and RV345 Series Routers. Cisco has made updates available.
It is Tuesday, so it must be time for more Cisco SMB router vulnerabilities. A quick search at nvd.nist.gov shows 7 critical vulnerabilities this year and 8 last year (and 25 total over the two years). I guess it is cheap enough for Cisco to push vulnerability discovery right and left.
The exploit comes from input which is not properly validated/sanitized. Update to the latest firmware, and make sure that the management interface is only available to authorized systems/users. While the CVSS scores are 8.3/10 (CVE-2022-20841) and 9/10 (CVE-2022-20827), don't expect this vulnerability to remain on the “not actively exploited” list for long.