Alert: Multi critical security vulnerability in Cisco routers
Vulnerability Details
CVE-2020-3330: Cisco Small Business RV110W Wireless-N VPN Firewall static default credentials vulnerability
- Cisco Small Business RV110W Wireless-N VPN Firewall Firmware version <1.2.2.8
Unaffected version
- Cisco Small Business RV110W Wireless-N VPN Firewall Firmware version >= 1.2.2.8
Solution
CVE-2020-3323: Cisco Small Business RV110W, RV130, RV130W, RV215W router management interface remote command execution vulnerability
CVE-2020-3323 exists in the web management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W routers. This would allow an unauthenticated remote attacker to execute arbitrary code on the affected device.
Affected version
- RV110W Wireless-N VPN Firewall < 1.2.2.8
-
RV130 VPN Router < 1.0.3.54
- RV130W Wireless-N Multifunctional VPN Router < 1.0.3.54
-
RV215W Wireless-N VPN Router < 1.3.1.7
Unaffected version
- RV110W Wireless-N VPN Firewall >= 1.2.2.8
-
RV130 VPN Router >= 1.0.3.54
- RV130W Wireless-N Multifunctional VPN Router >= 1.0.3.54
-
RV215W Wireless-N VPN Router >= 1.3.1.7
Solution
Cisco has released an update to address this vulnerability, and it is recommended that users upgrade in time for protection.
CVE-2020-3144: Cisco RV110W, RV130, RV130W, RV215W Router Authentication Bypass Vulnerability
CVE-2020-3144 exists in the web management interface of the Cisco RV110W Wireless-N VPN firewall, RV130 VPN router, RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN router. This may allow unauthenticated remote attackers to bypass authentication and execute arbitrary commands on the affected device.
Affected version
- RV110W Wireless-N VPN Firewall < 1.2.2.8
-
RV130 VPN Router < 1.0.3.55
- RV130W Wireless-N Multifunctional VPN Router < 1.0.3.55
-
RV215W Wireless-N VPN Router < 1.3.1.7
Unaffected version
- RV110W Wireless-N VPN Firewall >= 1.2.2.8
-
RV130 VPN Router >= 1.0.3.55
- RV130W Wireless-N Multifunctional VPN Router >= 1.0.3.55
-
RV215W Wireless-N VPN Router >= 1.3.1.7
Solution
Cisco has released an update to address this vulnerability, and it is recommended that users upgrade in time for protection.
CVE-2020-3331: Cisco RV110W and RV215W series routers arbitrary code execution vulnerability
Affected version
- RV110W Wireless-N VPN Firewall < 1.2.2.8
-
RV215 VPN Router < 1.3.1.7
Unaffected version
- RV110W Wireless-N VPN Firewall >= 1.2.2.8
-
RV215 VPN Router >= 1.3.1.7
Solution
Cisco has released an update to address this vulnerability, and it is recommended that users upgrade in time for protection.
CVE-2020-3140: Cisco Prime License Manager privilege escalation vulnerability
CVE-2020-3140 in the web management interface of Cisco Prime License Manager (PLM) software could allow unauthenticated remote attackers to gain unauthorized access to the affected devices.
Affected version
- Cisco PLM < 10.5(2)SU9
- Cisco PLM < 11.5(1)SU6
Unaffected version
- Cisco PLM >= 10.5(2)SU9
- Cisco PLM >= 11.5(1)SU6
Solution
Cisco has released an update to address this vulnerability, and it is recommended that users upgrade in time for protection.