Critical vulnerabilities in Cisco routers affect thousands of companies worldwide

The company has already released patches for the affected small-business products

Cisco recently released firmware updates to address two critical vulnerabilities in its RV320 and RV325 routers, products widely used by small businesses. According to network security specialists, the first of these flaws (CVE-2019-1653) is an information-disclosure issue that lets an unauthenticated remote attacker retrieve sensitive data, including the device configuration, while the second (CVE-2019-1652) is a command-injection flaw that can be exploited by an attacker who already holds administrative credentials for the device.

The real problem for Cisco is that attackers have started targeting RV320 and RV325 routers with exploits for these flaws. After the initial proof-of-concept exploit was made public, attackers began scanning the Internet for vulnerable devices in an attempt to compromise them.

Both vulnerabilities lie in the routers' web-based management interface, according to network security specialists from the International Institute of Cyber Security. By chaining the two flaws, an attacker can take full control of a device: the information-disclosure flaw is used first to obtain privileged credentials, and those credentials are then used to exploit the command-injection flaw and execute arbitrary commands on the router.

The flaws were reported to Cisco by researchers at a security firm, and proof-of-concept exploit code was released publicly a few days after Cisco shipped the patches. The published proof-of-concept covered the command-injection vulnerability as well as the information-disclosure and data-leakage issues.

A Shodan search for these router models turns up tens of thousands of such devices reachable on the Internet, although an exposed management interface alone does not prove that a device is still running vulnerable firmware.

Troy Mursch, a network security researcher, ran his own scan for vulnerable systems and found roughly 9.6k exposed routers (6,247 Cisco RV320 and 3,410 Cisco RV325 devices).

Mursch mapped the geographic distribution of the affected routers, showing that most of them are located in the United States.
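The tally described in the two paragraphs above (exposed devices per model and per country) is the kind of thing a practitioner reproduces from raw scan output. The following is an added example, not code from the article or from Troy Mursch's research. It assumes records shaped like a Shodan JSON export (fields ip_str, port, http.title and location.country_code); the sample records, the RFC 5737 documentation addresses and the page-title strings used to recognise each model are all constructed for illustration, not verified device fingerprints.

```python
"""Tally Internet-exposed RV320/RV325 routers from raw scan records."""
from collections import Counter
import json
import re

# Constructed sample records, shaped like a Shodan JSON export (one object
# per line in the real thing). Addresses are RFC 5737 documentation ranges
# and the page titles are assumed banners, not verified device fingerprints.
SAMPLE_RECORDS = [
    {"ip_str": "192.0.2.10", "port": 443,
     "http": {"title": "RV320 Gigabit Dual WAN VPN Router"},
     "location": {"country_code": "US"}},
    {"ip_str": "192.0.2.10", "port": 80,          # same device, second port
     "http": {"title": "RV320 Gigabit Dual WAN VPN Router"},
     "location": {"country_code": "US"}},
    {"ip_str": "192.0.2.25", "port": 443,
     "http": {"title": "RV325 Gigabit Dual WAN VPN Router"},
     "location": {"country_code": "US"}},
    {"ip_str": "198.51.100.7", "port": 443,
     "http": {"title": "rv320 gigabit dual wan vpn router"},
     "location": {"country_code": "DE"}},
    {"ip_str": "198.51.100.9", "port": 8443,
     "http": {"title": "RV325 Gigabit Dual WAN VPN Router"},
     "location": {"country_code": "GB"}},
    {"ip_str": "203.0.113.4", "port": 443,
     "http": {"title": "Some Other Vendor Router"},
     "location": {"country_code": "US"}},
    {"ip_str": "203.0.113.8", "port": 22},        # no HTTP banner at all
]

# Word boundaries keep "RV320" from matching unrelated strings like "RV3200".
MODEL_PATTERNS = {
    "RV320": re.compile(r"\bRV320\b", re.IGNORECASE),
    "RV325": re.compile(r"\bRV325\b", re.IGNORECASE),
}


def classify(title):
    """Return 'RV320', 'RV325' or None for an HTTP page title (None-safe)."""
    for model, pattern in MODEL_PATTERNS.items():
        if pattern.search(title or ""):
            return model
    return None


def tally(records):
    """Count exposed devices per model and per country.

    Records are de-duplicated by IP so a router listening on both 80 and
    443 is counted once. Returns (per_model, per_country, skipped), where
    skipped is the number of records that matched neither model.
    """
    seen = set()
    per_model = Counter()
    per_country = Counter()
    skipped = 0
    for rec in records:
        model = classify(rec.get("http", {}).get("title"))
        if model is None:
            skipped += 1
            continue
        ip = rec.get("ip_str")
        if ip in seen:
            continue
        seen.add(ip)
        per_model[model] += 1
        per_country[rec.get("location", {}).get("country_code", "??")] += 1
    return per_model, per_country, skipped


def load_json_lines(path):
    """Read a JSON-lines scan export, skipping blank lines."""
    with open(path, encoding="utf-8") as fh:
        return [json.loads(line) for line in fh if line.strip()]


if __name__ == "__main__":
    models, countries, skipped = tally(SAMPLE_RECORDS)
    print("per model:", dict(models))
    print("per country:", dict(countries))
    print("unmatched records:", skipped)
```

Two caveats apply when using a tally like this. First, a device that appears in the count is exposed, not necessarily vulnerable: confirming exposure to CVE-2019-1653 or CVE-2019-1652 still requires checking the firmware release against Cisco's advisory. Second, banner matching only sees what the management interface chooses to show, so devices behind a reverse proxy or with a customised page title will be missed, and the real totals are a lower bound.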

“Although the research we did will be published shortly, the IP addresses of the Cisco routers affected by these flaws will not be revealed, as that is sensitive information,” said Troy Mursch on his blog.