16 June 2016

Cisco released yesterday a critical security advisory, describing remote code execution vulnerability in Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router and Cisco RV215W Wireless-N VPN Router.

The vulnerability resides within web management interface and can be used by attacker to gain remote root privileges. A remote unauthenticated attacker can send a specially crafted HTTP request to web interface of vulnerable device and execute arbitrary code on the targets system with root-level privileges. The vulnerability may allow an attacker to gain access to local network behind the router and conduct further attacks, such as intercept all network traffic, access local network resources, etc.

By default, web management interface is accessible from local network only, or when remote management feature is enabled on the device.

To determine whether the remote management feature is enabled for a device, open the web-based management interface for the device and then choose Basic Settings > Remote Management. If the Enable check box is checked, remote management is enabled for the device and your router is remotely exploitable.

Cisco will release new firmware in the third quarter of 2016 to address this vulnerability:

For the Cisco RV110W Wireless-N VPN Firewall, Release 1.2.1.7

For the Cisco RV130W Wireless-N Multifunction VPN Router, Release 1.0.3.16

For the Cisco RV215W Wireless-N VPN Router, Release 1.3.0.8

As a workaround, we suggest you to disable remote management feature.