The Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers have entered the end-of-life process, so a vulnerability affecting them will not be fixed.
The vulnerability is tracked as CVE-2022-20825 and has a CVSS severity rating of 9.8. The flaw, found in the web-based management interface of Cisco Small Business Routers, allows an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition.
According to the Cisco security advisory, “the vulnerability is due to the insufficient user input validation of incoming HTTP packets”.
Therefore, an attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device using root-level privileges.
Affected Cisco Small Business RV Series Routers:
- RV110W Wireless-N VPN Firewall
- RV130 VPN Router
- RV130W Wireless-N Multifunction VPN Router
- RV215W Wireless-N VPN Router
The vulnerable web-based management interface of these devices is exposed on WAN connections when the remote management feature is enabled. By default, the remote management feature is not enabled on these devices.
To identify whether the remote management feature is enabled on a device, Cisco says to open the web-based management interface and choose Basic Settings > Remote Management. If the Enable check box is checked, remote management is enabled on the device.
Workarounds and Software Updates
Cisco says there are no workarounds that address this vulnerability, and the company has not released and will not release software updates to address it.
Since the Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers have entered the end-of-life process, there are no patches available. Moreover, there are no mitigations available other than to turn off remote management on the WAN interface, which should be done for enhanced overall security.
As a result, Cisco recommends migrating to the Cisco Small Business RV132W, RV160, or RV160W Routers.
Notably, Cisco recently patched a critical vulnerability in Cisco Secure Email that could allow attackers to bypass authentication and log in to the web management interface of the Cisco email gateway.