A range of SOHO-targeted network kit from Cisco, pitched as “highly secure”, isn't.
Switchzilla has just issued a critical patch for three devices in its RV range: the RV110W 802.11N VPN/firewall; and the RV130 and RV125 802.11n VPN routers.
The bug lets a remote attacker send crafted HTTP requests and execute code as root.
Is there an update yet? Not yet. Is there a workaround? Not if you need remote management, in which case you'll have to wait, or replace the boxes and fire them into the sun.
If you're patient and don't mind turning off remote management in the interim, Cisco says new firmware will be released in the third quarter:
- For the Cisco RV110W Wireless-N VPN Firewall, Release 18.104.22.168;
- For the Cisco RV130W Wireless-N Multifunction VPN Router, Release 22.214.171.124;
- For the Cisco RV215W Wireless-N VPN Router, Release 126.96.36.199.
At Security Tracker, there's more detail on the impact of the bug:
“A remote user can access the target user's cookies (including authentication cookies), if any, associated with the Cisco Small Business RV Series interface, access data recently submitted by the target user via web form to the interface, or take actions on the interface acting as the target user.”