Cisco this week released security updates for flaws in various products including updates for Cisco RV320 and RV325 routers.
Hackers are now targeting Cisco RV320 and RV325 routers after a security researcher released proof-of-concept exploit code for the flaws last week.
The two vulnerabilities being targeted are a command injection flaw (CVE-2019-1652) and an information disclosure flaw (CVE-2019-1653) in Cisco RV320 and RV325 routers. Both are in the routers' web management interface.
The CVE-2019-1652 flaw allows an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands.
The flaw is due to improper validation of user-supplied input. Attackers could exploit it by sending malicious HTTP POST requests to the web-based management interface of an affected device.
The CVE-2019-1653 flaw allows an unauthenticated remote attacker to extract sensitive information.
The flaw is due to improper access controls for URLs. An attacker could exploit it by connecting to an affected device via HTTP or HTTPS and requesting specific URLs.
Using the released PoC exploit code, attackers could obtain hashed credentials for privileged accounts and execute arbitrary commands on Cisco RV320 and RV325 routers.
The vulnerabilities were discovered by security researchers at the firm RedTeam Pentesting, who reported them to Cisco.
According to Shodan, there are over 20,000 Cisco RV320/RV325 routers reachable over the internet.
Troy Mursch, chief research officer at Bad Packets, discovered that at least 9,657 devices (6,247 Cisco RV320 routers and 3,410 Cisco RV325 routers) were vulnerable to the information disclosure flaw.
The company also shared an interactive map showing the geographical distribution of vulnerable routers. Most of them were located in the U.S.