A security flaw in Cisco routers will not be corrected
A group of security researchers has found a critical vulnerability that affects the Cisco Small Business routers. The problem is that it affects devices that no longer receive updates, so this problem will not be corrected.
This security flaw would allow an attacker to execute arbitrary code as if it were the administrator and thus take control. This vulnerability is present in the administration interface. It specifically affects four models of Cisco routers: RV110W, RV130, RV130W and RV215W.
The vulnerability is due to incorrect validation of user-supplied inputs. This would open the door for a potential intruder to carry out a remote execution attack and compromise security.
The vulnerability has been registered as CVE-2021-1459 and it has received a score of 9.8 out of 10. We are therefore facing a serious security breach. However, despite being a critical vulnerability, they will not receive a correction. These routers have been out of maintenance time for a few months now.
Cisco recommends changing devices
As we have mentioned, Cisco will not release updates security for those models. They are no longer part of the teams that receive fixes when security issues arise. However, the company has recommended that users replace them with other more current models that do receive updates and are therefore safe.
They also indicate that users can see if the remote management feature is enabled. To do this, you would have to go to the web-based administration and choose Basic Configuration and Remote Administration. If the Enable check box is checked, remote management is enabled on the device.
As we always say, it is very important keep equipment properly updated. There are many occasions when vulnerabilities can arise that can be exploited by hackers and thus achieve their objective. However, if you are using an outdated device that no longer receives regular updates, this could be a problem. This is the case of Cisco routers that will not receive a solution to the detected vulnerability CVE-2021-1459.
Especially network equipment, such as the router, it is even more important that they are updated, secure and that they have everything necessary to not put our security at risk. We must always have the latest firmware versions and be aware of possible updates and patches that may be released. We already explained in another article how to update network devices. It is something we should do whenever possible to improve performance and safety.