DIVD-2023-00017 - Cisco Small Business Router Authentication Bypass
|Case lead||Max van der Horst|
|Product||Cisco RV016, RV042, RV042G, RV082|
|Recommendation||Apply the proposed workaround by restricting access to port 443 and 60443 and disabling remote management.|
|Last modified||26 Sep 2023 10:53|
A vulnerability in the web-based management interface of End-of-Life Cisco Small Business RV042 Series Routers could allow an unauthenticated, remote attacker to bypass authentication on the affected device. This vulnerability is due to incorrect user input validation of incoming HTTP packets. An attacker could exploit this vulnerability by sending crafted requests to the web-based management interface. A successful exploit could allow the attacker to gain root privileges on the affected device.
What you can do
Because the vulnerable devices are End of Life, Cisco does not plan on releasing a patch for this vulnerability. Cisco advises to disable remote management and restrict access to ports 443 and 60443. Routers will still be accessible through the LAN interface after the mitigation has been implemented. In order to implement this workaround, please follow the steps mentioned in the Cisco security advisory in the references.
What we are doing
DIVD is currently scanning for Small Business routers of the mentioned types that are vulnerable. Owners of vulnerable systems receive a notification with instructions to update their router.
|15 Mar 2023||DIVD starts researching the vulnerability|
|15 Mar 2023||DIVD performs first scan for vulnerable instances.|
|16 Mar 2023||DIVD performs first mailrun.|
|03 Jul 2023||DIVD performs second mailrun.|
|26 Sep 2023||DIVD closes case after monitoring phase.|