Cisco Systems, Inc. (NASDAQ:CSCO) warned small business customers who rely on VPN about flaws in its routers and a possible hack through remote code execution.
Cisco said the flaws in the routers could allow hackers to execute code remotely and cause damage to customers' systems. The company has not yet released a patch to thwart remote code execution on devices that have reached end of life.
Cisco urges small businesses to upgrade the firmware
Cisco told small businesses that use VPN to upgrade their firmware urgently to prevent attackers from executing code remotely and gaining root-level access. The VPN devices affected by the vulnerability include the RV260P, RV260, RV160W, RV160, and RV260W.
Flaws in the web management interface
The web management interface in the routers contains several bugs that hackers can exploit to gain root access by executing code remotely.
Hackers can exploit the flaw simply by sending crafted HTTP requests, because the devices do not properly validate HTTP requests. Devices running firmware releases earlier than 1.0.01.02 are vulnerable. Such devices need an urgent upgrade to firmware version 1.0.01.02 or later.
Cisco currently tracks the bugs in the VPN routers under identifiers such as CVE-2021-1291, CVE-2021-1290, and CVE-2021-1289. Attackers can cause a denial of service using the severe flaws in the web interface of routers such as the RV320, RV082, RV016, RV325, RV042, and RV042G.
Cisco issued firmware update 18.104.22.168 to fix the bugs that affect the RV325 and RV320 VPN routers. However, the company will not release firmware updates for devices that have reached end of life.
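The upgrade rule above can be checked across a device inventory. The following is an added example, not Cisco's code: the CSV columns (`host`, `model`, `firmware`), the status labels and the sample rows are constructed for illustration, while the model names and the 1.0.01.02 threshold come from the article.

```python
import csv
import io

# Values taken from the article above.
FIXED = "1.0.01.02"
RCE_MODELS = {"RV160", "RV160W", "RV260", "RV260P", "RV260W"}
DOS_MODELS = {"RV016", "RV042", "RV042G", "RV082", "RV320", "RV325"}

def parse_version(text):
    """Turn '1.0.01.02' into (1, 0, 1, 2) so leading zeros do not skew ordering."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(p) for p in parts)

def classify(model, firmware):
    """Return a status label (labels are this example's own, not Cisco's)."""
    model = model.strip().upper()
    if model in RCE_MODELS:
        try:
            current = parse_version(firmware)
        except ValueError:
            return "UNKNOWN-VERSION"  # unverified is not the same as safe
        return "UPGRADE" if current < parse_version(FIXED) else "OK"
    if model in DOS_MODELS:
        # The article says fixes exist for only some of these models.
        return "REVIEW"
    return "NOT-LISTED"

def audit(inventory_csv):
    """Classify every row of a CSV inventory with host, model, firmware columns."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return [(r["host"], classify(r["model"], r["firmware"])) for r in rows]

# Constructed sample inventory; hosts and version strings are illustrative only.
SAMPLE = """host,model,firmware
branch-a,RV260W,1.0.00.17
branch-b,rv160,1.0.01.02
branch-c,RV260P,1.0.1.1
branch-d,RV160W,unknown
branch-e,RV042G,4.2.3.14
lab-1,UNLISTED-MODEL,9.9.9
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE):
        print(f"{host:10} {status}")
```

Comparing the versions as plain strings would rank the constructed `1.0.1.1` above `1.0.01.02` and miss that device, which is why each field is compared as an integer.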
Demand for office equipment drops
The ongoing coronavirus pandemic forced employees to work from home. As a result, demand for office equipment slumped, causing a drop in Cisco's revenues in Q2 2021.
Cisco's revenues declined to $11.96 billion in Q2 2021, compared to $12.01 billion in the same period last year. However, the company reported a surge of 2% from its services business, to $3.39 billion. Cisco reported double-digit growth from its WebEx video-conferencing business because of remote work. It expects to post growth in Q3 2021.