CISCO Will NOT Patch SOHO Routers

Cody Wallis
Maryville University Cyber Fusion Center
Apr 25, 2021

Vulnerability Details

This vulnerability is due to improper validation of user input in the web-based management interface. An attacker can send a crafted HTTP request to the device and, if it is done correctly, execute code as the root user. This is an example of a buffer overflow bug that allows unauthenticated, remote attackers to infiltrate a device. The vulnerability was found on April 7th, 2021, and has been assigned CVE-2021-1459.

Affected Systems

CVE-2021-1459 affects three of Cisco’s small business routers and one of their VPN firewalls: the RV110W, RV130, RV130W, and RV215W. The issue is in the web-based interface, and any attacker can exploit it on these routers with an appropriately crafted HTTP request. It has been assigned a 9.8 out of 10 on the CVSS vulnerability severity scale. These systems have reached “end of life” and are no longer supported.

Remediation

Cisco Systems states that it will not fix the critical vulnerability found in three of its SOHO routers. Possible workarounds, such as disabling the web-based management interface, are not available, because the interface is available through a LAN connection. Since these devices are no longer supported, Cisco recommends replacing them as soon as possible. There are no proper workarounds, and any of these systems will continue to be vulnerable in the future. Small businesses need to be made aware of this and replace these devices.

Upon request, the Maryville Cyber Fusion Center can perform a security audit to determine whether you are vulnerable to this, and can suggest or assist with remediation if vulnerabilities exist. Please reach out to cyber@maryville.edu if you have any questions or concerns relating to this vulnerability.
