Cisco says it’s spotted more security flaws in its SMB routers

A critical security vulnerability has been discovered in a number of Cisco routers (Opens in a new tab) Which allows threat actors to bypass authentication, gain root access to the endpoint, and even fire arbitrary commands at the underlying operating system in the second phase of the attack.

The news comes from Cisco itself, which said it wouldn’t address the flaw because it was caught on endpoints that had reached the end of their lifespan. The flaw, tracked as CVE-2023-20025, affects Cisco Small Business RV016, RV042, RV042G, and RV082 routers. By sending a custom HTTP request to the web-based management interface of compromised routers, attackers can remotely bypass device authentication and exploit it.

Leave a Comment