Cisco says it won’t patch these dangerous VPN security flaws in its SMB routers

Cisco has said it won’t be issuing any further updates for three vulnerable routers which could apparently allow an unauthenticated, remote attacker to bypass authentication controls and access the IPSec VPN network.

Customers of the networking giant should check out if their set-ups include the RV110W Wireless-N VPN Firewall, the RV130 VPN Router, the RV130W Wireless-N Multifunction VPN Router, and the RV215W Wireless-N VPN Router.

On the plus side, Cisco said its security team is not aware of any public announcements or malicious use of the vulnerability, which was given a severity rating of medium, which is described in this advisory.

Router security

Cisco recommends possibly impacted users should migrate to Cisco Small Business RV132W, RV160, or RV160W routers.

For those currently low on funds, unfortunately, there are no workarounds that address this vulnerability according to Cisco. 

Users of the routers in question may have at least gotten a good amount of bang for their buck.

The networking giant hasn’t sold the RV110W and RV130 since 2017, and only officially ended support for them in 2022.

Unfortunately, networking hardware remains an extremely common endpoint for cyber criminals to try and gain access to organizations and as a result, it’s a good idea to keep your hardware filled patched at all times.

You can check if the vulnerability impacts you by logging into the web-based management interface and choosing “VPN > IPSec VPN Server > Setup”.

If the Server Enable check box is checked, the IPSec VPN Server is enabled on the device, potentially putting you in danger.

  • Is security a key factor when it comes to your organization’s approach to networking? Check out our guide to the best routers.

Go to Source