On Thursday Cisco announced new security patches to definitively address two vulnerabilities in Small Business RV320 and RV325 routers.
Last week Cisco revealed that security patches released in January to address vulnerabilities in Small Business RV320 and RV325 routers were incomplete.
“The initial fix for this vulnerability was found to be incomplete. Cisco is currently working on a complete fix,” reads the security advisory published by Cisco.. “Firmware updates that address this vulnerability are not currently available. There are no workarounds that address this vulnerability.”
The tech giant also confirmed that the flaws have been exploited in attacks in the wild.
On Thursday Cisco announced a new set of security patches for the RV320 and RV325 routers to correctly address the vulnerabilities.
The company attempted to fix two vulnerabilities in January, but the initially released patches were incomplete. The first one could be exploited by a remote and unauthenticated attacker with admin privileges to obtain sensitive information (CVE-2019-1653), while the second one can be exploited for command injection (CVE-2019-1652).
Chaining the two flaws it is possible to take over the Cisco RV320 and RV325 routers, the hackers exploit the bugs to obtain hashed passwords for a privileged account and run arbitrary commands as root.
Over 9,600 routers were found to be impacted, and all remained exposed due to the incomplete patches.
After Cisco released security patches, hackers started exploiting the flaws in the routers. After the disclosure of proof-of-exploit code for security flaws in Cisco RV320 and RV325 routers, hackers started scanning the Internet for vulnerable devices in an attempt to take compromise them.
Searching on Shodan for vulnerable Cisco RV320 and RV325 routers it is possible to find tens of thousands of devices online.
The popular expert Troy Mursch, chief research officer at Bad Packets, searched for vulnerable systems using the BinaryEdge search engine and found 9,657 devices exposed online (6,247 Cisco RV320 routers and 3,410, are Cisco RV325 routers).
Both vulnerabilities affect Small Business RV320 and RV325 Dual Gigabit WAN VPN routers running firmware versions 184.108.40.206 through 220.127.116.11. Cisco addressed the issues with the release of version 18.104.22.168, Cisco.