NEEDED Cisco RV320 router Firmware Update

coxhaus

There has been a security breach on the Cisco RV320 router. You need to upgrade your firmware right away.

I found the following on the web. https://www.theregister.co.uk/2019/01/26/security_roundup_250119/

Earlier this week, Cisco cleaned up a series of security flaws in its routers. Now, admins are being urged to apply those fixes as soon as possible now that exploits for two flaws in particular are public.

A security dev going by the name of David Davidson has provided proof-of-concept code that leverages a data-disclosure vulnerability (CVE-2019-1653) in the RV320 WAN router, and extracts various configuration files and other information from the machine. You don't have to be authenticated, you just have to be able to reach the router's web-based management portal. This is useful for checking whether or not a device is vulnerable, and whether Cisco's patch actually works.

The code also achieves remote code execution as root on the router (exploiting CVE-2019-1652) if you know any valid login creds for the box. You can always try to crack the passwords fetched via the info-disclosure bug, or brute-force or guess them.

What's more, botnet watcher Troy Mursch has spotted miscreants scanning the public internet for vulnerable RV320 routers. This means we now have both working exploits and people trying to find vulnerable devices.

If you're an admin at a company running one or more of these Cisco WAN routers, you will want to make sure all of the boxes have the latest patches installed, and you should probably do it ASAP.
 
So if the router's web-based management is unreachable from WAN, you should be safe? Although router management should never be available to WAN or any big LAN.
 
Yes, but anybody close can access your wireless and gain access to the web login screen on the router whether they can log on or not.
 
Segmentation. Security issues on MikroTik are also prevented the same way, by preventing management access to WAN and others. This is something you can't do with consumer routers where a security issue could mean management accessed from WAN and nothing you can do about it, except for RMerlin's firmware which lets you set iptables. It's why I'm on a warpath against D-Link as their security flaws are so bad even in IoT where their IP cams had issues that allowed for you to view other people's IP cams.
 
Yes, I could segment the router off by port and control access. The router is my front door to the internet and my DNS cache, so I need to have overall access from client devices on the LAN side to the router. It is good Cisco keeps up with security, so all I have to do is patch the firmware rather than dink with the ACLs to block by port something which should be fixed with firmware updates.
 
