Hackers are targeting Cisco RV320/RV325, over 9K routers exposed online


Cisco released security updates to address security flaws in several products including Small Business RV320/RV325 routers and hackers are already targeting them.

The tech giant addressed two serious issues in Cisco’s Small Business RV320 and RV325 routers. The first one could be exploited by a remote and unauthenticated attacker with admin privileges. to obtain sensitive information (CVE-2019-1653), while the second one can be exploited for command injection (CVE-2019-1652).

Now, news of the day is that hackers are targeting Cisco RV320/RV325 routers using new exploits.

After the disclosure of proof-of-exploit code for security flaws in 
Cisco RV320 and RV325 routers, hackers started scanning the Internet for vulnerable devices in an attempt to take compromise them.

Cisco this week announced updates for router models RV320 and RV325 that fix a command injection (CVE-2019-1652) and an information disclosure (CVE-2019-1653) vulnerability; both of them are in the routers’ web management interface.

Chaining the two flaws it is possible to take over the Cisco RV320 and RV325 routers, the hackers exploit the bugs to obtain hashed passwords for a privileged account and run arbitrary commands as root.

Both vulnerabilities were reported by experts at RedTeam Pentesting firm, the proof-of-code exploit for the flaws was published by the experts after Cisco released the security update to address the flaws.

The experts published a proof-of-concept (PoC) exploit code for the command injection issue, the info disclosure flaw, and the data leak vulnerability.

Other PoC exploits were published by the security researcher David Davidson, who successfully tested them on Cisco RV320 routers.

Searching on Shodan for vulnerable Cisco RV320 and RV325 routers it is possible to find tens of thousands of devices online.

The popular expert Troy Mursch, chief research officer at Bad Packets, searched for vulnerable systems using the BinaryEdge search engine and found 9,657 devices exposed online (6,247 Cisco RV320 routers and 3,410, are Cisco RV325 routers).

View image on Twitter
View image on Twitter

Bad Packets Report@bad_packets

Incoming scans detected from multiple hosts checking for vulnerable Cisco RV320/RV325 routers.

A vulnerability in the web-based management interface of these routers could allow an unauthenticated, remote attacker to retrieve sensitive configuration information.658:10 PM – Jan 25, 201946 people are talking about thisTwitter Ads info and privacy

Mursch created an interactive map that shows the geographic distribution of vulnerable routers, the vast majority of them are located in the US.

Cisco Cisco RV320/RV325 routers


Laisser un commentaire

Next Post

Cobalt cybercrime gang abused Google App Engine in recent attacks

The Cobalt cybercrime gang has been using Google App Engine to distribute malware through PDF decoy documents. The Cobalt hacking group has been using Google App Engine to distribute malware through PDF decoy documents. The group targeted more than 20 other government and financial institutions worldwide.  Cobalt crime gang is a Russian […]