Cisco fixes critical remote code execution issues in SMB VPN routers


Cisco has fixed several pre-auth remote code execution (RCE) issues in multiple small business VPN routers. The flaws could be exploited by unauthenticated, remote attackers to execute arbitrary code as root on vulnerable devices.

The flaws (CVE-2021-1289, CVE-2021-1290, CVE-2021-1291, CVE-2021-1292, CVE-2021-1293, CVE-2021-1294, CVE-2021-1295) have received a CVSS score of 9.8/10.

The flaws reside in the web-based management interface of Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W VPN Routers 

Read more…