Disclosure of proof-of-exploit code for security bugs in Cisco routers for small businesses prompted hackers to scan for vulnerable devices in an attempt to take full control of them.
Cisco this week announced updates for router models RV320 and RV325 that fix a command injection (CVE-2019-1652) and an information disclosure (CVE-2019-1653) vulnerability; both of them are in the routers' web management interface.
Exploiting the former requires authentication and admin privileges, and allows a remote attacker to execute arbitrary commands on the system. The latter security issue is also remotely exploitable, but it does not need authentication to get sensitive information from the router.
Exploit code available
A hacker chaining the two bugs could target RV320 and RV325 routers available online to obtain hashed access credentials for a privileged account and thus be able to run arbitrary commands as root.
German company RedTeam Pentesting found the issues in Cisco RV320 and reported them privately to Cisco. The researchers also found that RV320 exposes diagnostic data.