17 flaws in Cisco Small Business routers allow creating permanent backdoor

Computer forensics specialists report the discovery of multiple vulnerabilities in several Cisco RV Series routers. Successful exploitation of these flaws would enable multiple attack scenarios, such as command injection and buffer overflows.

According to the report, the flaws reside in most versions of the following router models:

  • Cisco RV016 Multi-WAN VPN
  • Cisco RV042 Dual WAN VPN
  • Cisco RV042G Dual Gigabit WAN VPN
  • Cisco RV082 Dual WAN VPN
  • Small Business RV320 Dual Gigabit WAN VPN
  • Small Business RV325 Dual Gigabit WAN VPN

Below are brief descriptions of the reported vulnerabilities, with their respective CVE identifiers and scores according to the Common Vulnerability Scoring System (CVSS).

CVE-2020-3274: Incorrect input validation in the web-based management interface would allow a threat actor to execute arbitrary commands on the target system. The flaw received a score of 6.3/10.

CVE-2020-3275: Incorrect input validation on the web-based management interface would allow arbitrary commands to be injected into the target system. The flaw received a 6.3/10 score on the CVSS.

CVE-2020-3276: Incorrect input validation on the web interface of vulnerable devices would allow remote hackers to execute arbitrary commands on the system. This vulnerability received a score of 6.3/10.

CVE-2020-3277: Insufficient input validation in the web management interface would allow remote users to execute remote commands on the system by sending a specially crafted request. The flaw received a score of 6.3/10.

CVE-2020-3278: Incorrect input validation on the web interface allows remote threat actors to send requests specially designed to execute remote commands on the system. The flaw received a score of 6.3/10, the experts in computer forensics mentioned.

CVE-2020-3279: Incorrect input validation on the web interface allows remote threat actors to send requests specially designed to execute remote commands on the system. The flaw received a score of 6.3/10.

CVE-2020-3296: A boundary error in the web management interface would allow threat actors to trigger memory corruption and execute arbitrary code on the target system. The flaw received a score of 6.3/10 on the CVSS scale.

CVE-2020-3295: A boundary error in the system’s web management interface could allow remote hackers to execute arbitrary code on the target system. The flaw received a score of 6.3/10.

CVE-2020-3294: A boundary error in the web management interface of the affected routers would allow remote hackers to execute arbitrary code on the target system. The vulnerability received a score of 6.3/10.

CVE-2020-3293: A boundary error in the web interface allows remote users to execute arbitrary code on the target system. The flaw received a score of 6.3/10.

CVE-2020-3292: A boundary error in the web interface would allow threat actors to execute arbitrary code on vulnerable routers. This flaw also received a score of 6.3/10.

CVE-2020-3291: This flaw exists due to a boundary error in the web user interface, computer forensics experts mention. A remote hacker could send specially designed requests to execute arbitrary code on the target system. The flaw received a score of 6.3/10.

CVE-2020-3290: A boundary error in the web management interface would allow remote hackers to trigger memory corruption and execute arbitrary code. The flaw received a score of 6.3/10.

CVE-2020-3289: A boundary flaw in the web interface of the affected devices would allow remote hackers to execute arbitrary code on the target system. The flaw has a CVSS score of 6.3/10.

CVE-2020-3288: A boundary error in the web management interface allows users to send requests specially designed to execute arbitrary code on the target system.

CVE-2020-3287: This flaw would allow arbitrary code to run on the target system due to a boundary flaw in the target system’s web interface. The flaw received a score of 6.3/10.

CVE-2020-3286: A boundary error in the web management interface allows hackers to send specially designed requests to execute arbitrary code on the target system. The vulnerability received a score of 6.3/10.

While the reported vulnerabilities could be exploited remotely by unauthenticated hackers, no real-world exploitation attempts and no exploits associated with these attacks have been detected, computer forensics experts mention.

Cisco acknowledged the reports and began working on correcting these flaws immediately. Users of affected routers only need to verify that the updates have been installed correctly.