Cisco released security updates to address security flaws in several products including Small Business RV320/RV325 routers and hackers are already targeting them.
The tech giant addressed two serious issues in Cisco’s Small Business RV320 and RV325 routers. The first one could be exploited by a remote and unauthenticated attacker with admin privileges. to obtain sensitive information (CVE-2019-1653), while the second one can be exploited for command injection (CVE-2019-1652).
Now, news of the day is that hackers are targeting Cisco RV320/RV325 routers using new exploits.
After the disclosure of proof-of-exploit code for security flaws in
Cisco RV320 and RV325 routers, hackers started scanning the Internet for vulnerable devices in an attempt to take compromise them.
Cisco this week announced updates for router models RV320 and RV325 that fix a command injection (CVE-2019-1652) and an information disclosure (CVE-2019-1653) vulnerability; both of them are in the routers’ web management interface.
Chaining the two flaws it is possible to take over the Cisco RV320 and RV325 routers, the hackers exploit the bugs to obtain hashed passwords for a privileged account and run arbitrary commands as root.
Both vulnerabilities were reported by experts at RedTeam Pentesting firm, the proof-of-code exploit for the flaws was published by the experts after Cisco released the security update to address the flaws.
The experts published a proof-of-concept (PoC) exploit code for the command injection issue, the info disclosure flaw, and the data leak vulnerability.
Other PoC exploits were published by the security researcher David Davidson, who successfully tested them on Cisco RV320 routers.
Searching on Shodan for vulnerable Cisco RV320 and RV325 routers it is possible to find tens of thousands of devices online.
The popular expert Troy Mursch, chief research officer at Bad Packets, searched for vulnerable systems using the BinaryEdge search engine and found 9,657 devices exposed online (6,247 Cisco RV320 routers and 3,410, are Cisco RV325 routers).
Bad Packets Report@bad_packets
WARNING
Incoming scans detected from multiple hosts checking for vulnerable Cisco RV320/RV325 routers.
A vulnerability in the web-based management interface of these routers could allow an unauthenticated, remote attacker to retrieve sensitive configuration information.658:10 PM – Jan 25, 201946 people are talking about thisTwitter Ads info and privacy
Mursch created an interactive map that shows the geographic distribution of vulnerable routers, the vast majority of them are located in the US.
Source:https://securityaffairs.co/wordpress/80363/hacking/cisco-rv320-rv325-hack.html