Routers are a fundamental piece for Internet connections. This means that in case a problem arises we can see how we could have limitations to access the network or even our data could be in danger. In this article we echo a vulnerability found in Cisco routers that will not be corrected.
A security flaw in Cisco routers will not be corrected
A group of security researchers has found a critical vulnerability affecting Cisco Small Business routers . The problem is that it affects devices that no longer receive updates, so this problem will not be corrected.
This security flaw would allow an attacker to execute arbitrary code as if it were the administrator and thus take control. This vulnerability is present in the administration interface. It specifically affects four models of Cisco routers: RV110W, RV130, RV130W and RV215W .
The vulnerability is due to incorrect validation of user-supplied inputs. This would open the door for a potential intruder to carry out a remote execution attack and compromise security.
The vulnerability has been registered as CVE-2021-1459 and has received a score of 9.8 out of 10. We are therefore facing a serious security breach. However, despite being a critical vulnerability, they will not receive a correction. These routers have been out of maintenance time for a few months now.
Cisco recommends changing devices
As we mentioned, Cisco is not releasing security updates for those models. They are no longer part of the teams that receive fixes when security issues arise. However, the company has recommended that users replace them with other more current models that do receive updates and are therefore safe.
They also indicate that users can see if the remote management feature is enabled. To do this, you would have to go to the web-based administration and choose Basic Configuration and Remote Administration. If the Enable checkbox is checked, remote management is enabled on the device.
As we always say, it is very important to keep the equipment properly updated . There are many occasions when vulnerabilities can arise that can be exploited by hackers and thus achieve their objective. However, if you are using an outdated device, which no longer receives regular updates, this could be a problem. This is the case of Cisco routers that will not receive a solution to the detected vulnerability CVE-2021-1459.
Especially network equipment, such as the router, it is even more important that they are updated, secure and that they have everything necessary to not put our security at risk. We must always have the latest firmware versions and be aware of possible updates and patches that may be released. We already explained in another article how to update network devices. It is something we should do whenever possible to improve performance and safety.
