Windows 10 News and info | Forum
February 22, 2019, Loading... *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: This is a clean Ad-free Forum and protected by StopForumSpam, Project Honeypot, Botscout and AbuseIPDB | This forum does not use audio ads, popups, or other annoyances. New member registration currently disabled.
 
  Website   Home   Windows 8 Website GDPR Help Login Register  
By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy.
Pages: [1]
  Print  
Share this topic on Del.icio.usShare this topic on DiggShare this topic on FacebookShare this topic on GoogleShare this topic on MySpaceShare this topic on RedditShare this topic on StumbleUponShare this topic on TechnoratiShare this topic on TwitterShare this topic on YahooShare this topic on Google buzz
Author Topic: Hackers Targeting Cisco RV320/RV325 Routers Using New Exploits  (Read 34 times)
javajolt
Administrator
Hero Member
*****
Offline Offline

Gender: Male
United States United States

Posts: 29609


I Do Windows


WWW Email
« on: January 27, 2019, 08:51:21 PM »
ReplyReply

Disclosure of proof-of-exploit code for security bugs in Cisco routers for small businesses prompted hackers to scan for vulnerable devices in an attempt to take full control of them.

Cisco this week announced updates for router models RV320 and RV325 that fix a command injection (CVE-2019-1652) and an information disclosure (CVE-2019-1653) vulnerability; both of them are in the routers' web management interface.

Exploiting the former requires authentication and admin privileges to allow a remote attacker to execute arbitrary commands on the system. The latter security issue is also remotely exploitable, but it does not need authentication to get sensitive information from the router.

Exploit code available

A hacker chaining the two bugs could target RV320 and RV325 routers available online to obtain hashed access credentials for a privileged account and thus be able to run arbitrary commands as root.

Germany company RedTeam Pentesting found the issues in Cisco RV320 and reported them privately to Cisco. The researchers also found that RV320 exposes diagnostic data.

Although RedTeam Pentesters' work refers only to Cisco RV320, the network hardware maker listed Cisco RV325 vulnerable to the same glitches.

When Cisco released the advisories and firmware updates that correct the problems, the pentesters also released proof-of-concept (PoC) exploit code for the command injection the info disclosure and the data leak.

Ready-made exploits also exist on GitHub, from security researcher David Davidson, who tested the code on Cisco RV320.

Thousands of hosts exposed and vulnerable

A superficial search on Shodan shows that there are about 20,000 Cisco RV320/RV325 routers reachable over the internet. Not all of them may be vulnerable, though.

According to information today from Troy Mursch, chief research officer at Bad Packets, more than 9,500 of them were found to be affected by the information disclosure glitch, most of them in the United States.



He noticed that hackers are quick to take advantage and started hunting for these router models. Signals came since Friday from an IP address in the United States.



source
« Last Edit: January 27, 2019, 08:53:24 PM by javajolt » Logged



Pages: [1]
  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2017, Simple Machines

Google visited last this page January 28, 2019, 04:12:59 PM