Cisco Fixed Routers Vulnerabilities that Allows Hackers to Run Remote Code with Root Access

From gbhackers.com

Cisco released security updates with the fixes for a serious security flaw that affected Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers and Cisco HyperFlex Software.

It consists of 6 vulnerabilities fixes, 4 vulnerabilities are marked under “High” severity and 2 vulnerabilities marked as “Medium” severity.

An information disclosure vulnerability CVE-2019-1653 in the web-based management interface of Cisco Small Business RV320 and RV325 allows a remote attacker to retrieve sensitive information.

RV320 and RV325 Routers Command Injection Vulnerability CVE-2019-1652 could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands.

Read more…