There has been a security breach on the Cisco RV320 router. You need to upgrade your firmware right away.
I found the following on the web. https://www.theregister.co.uk/2019/01/26/security_roundup_250119/
Earlier this week, Cisco cleaned up a series of security flaws in its routers. Now, admins are being urged to apply those fixes as soon as possible now that exploits for two flaws in particular are public.
A security dev going by the name of David Davidson has provided proof-of-concept code that leverages a data-disclosure vulnerability (CVE-2019-1653) in the RV320 WAN router, and extracts various configuration files and other information from the machine. You don't have to be authenticated, you just have to be able to reach the router's web-based management portal. This is useful for checking whether or not a device is vulnerable, and whether Cisco's patch actually works.
The code also achieves remote code execution as root on the router (exploiting CVE-2019-1652) if you know any valid login creds for the box. You can always try to crack the passwords fetched via the info-disclosure bug, or brute-force or guess them.
What's more, botnet watcher Troy Mursch has spotted miscreants scanning the public internet for vulnerable RV320 routers. This means we now have both working exploits and people trying to find vulnerable devices.
If you're an admin at a company running one or more of these Cisco WAN routers, you will want to make sure all of the boxes have the latest patches installed, and you should probably do it ASAP.