Stop us if you’ve heard this one: bad HTTP sanitisation in smallbiz boxen
A range of SOHO-targeted network kit from Cisco, pitched as “highly secure”, isn’t.
Switchzilla has just issued a critical patch for three devices in its RV range: the RV110W 802.11N VPN/firewall; and the RV130 and RV125 802.11n VPN routers.

The bug lets a remote attacker send crafted HTTP requests and execute code as root.
Is there an update yet? Not yet.
Is there a workaround? Not if you need remote management, in which case you’ll have to wait, or replace the boxes and fire them into the sun.
If you’re patent and don’t mind turning off remote management in the interim, Cisco says new firmware will be released in the third quarter:

For the Cisco RV110W Wireless-N VPN Firewall, Release 1.2.1.7;
For the Cisco RV130W Wireless-N Multifunction VPN Router, Release 1.0.3.16;
For the Cisco RV215W Wireless-N VPN Router, Release 1.3.0.8.

At Security Tracker, there’s more detail on the impact of the bug:
“A remote user can access the target user’s cookies (including authentication cookies), if any, associated with the Cisco Small Business RV Series interface, access data recently submitted by the target user via web form to the interface, or take actions on the interface acting as the target user.”
The researcher who found the vulnerability, Samuel Huntley, also turned up a DoS-able bug and an XSS bug in the same systems. ®
Sponsored: Rise of the machines

Leave a Reply