A critical vulnerability in older Cisco routers will remain unpatched after the company advised that they have reached end-of-life status.
The vulnerability is in the Universal Plug-and-Play service in Cisco Small Business RV110W, RV130, RV130W and RV214W routers. Rated by Cisco as “critical,” it could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial-of-service condition.
The vulnerability is the result of improper validation of incoming UPnP traffic. An attacker could exploit this vulnerability by sending a crafted UPnP request to an affected device. A successful exploit could allow the attacker to obtain root status on the underlying operating system or cause the device to reload, resulting in a DoS condition.
Cisco has not released software updates that address this vulnerability. It added that there are no workarounds to address the vulnerability either. Administrators can, however, disable the affected feature by disabling UPnP on the LAN interface of the device.
Exploiting this vulnerability in a default configuration requires the threat actor to have access to the internal network, which can be gained through something as easy as a phishing email. The threat actor can then use this vulnerability to easily take control of the device using an exploit.
UPnP is an extremely useful feature for home users, but it has no place in business environments. Cisco likely leaves the UPnP feature enabled on its small business product line because those environments are less likely to have dedicated support staff who can reconfigure a firewall as needed for a product.
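To confirm that disabling UPnP on the LAN interface took effect, the following added example (not from Cisco or the original article) sends a standard SSDP discovery request on the local segment and reports whether the router still answers. The router address 192.168.1.1 and the sample replies are constructed assumptions.

```python
import socket

SSDP_GROUP = ("239.255.255.250", 1900)  # standard SSDP multicast address and port
M_SEARCH = ("M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
            'MAN: "ssdp:discover"\r\nMX: 2\r\nST: ssdp:all\r\n\r\n').encode()

def parse_ssdp_reply(raw: bytes) -> dict:
    """Return the reply's headers (lower-cased names), or {} if it is not a 200 OK."""
    lines = raw.decode("utf-8", errors="replace").split("\r\n")
    if not lines[0].upper().startswith("HTTP/1.1 200"):
        return {}
    pairs = (line.partition(":") for line in lines[1:])
    return {name.strip().lower(): value.strip() for name, sep, value in pairs if sep}

def upnp_still_answering(replies, watched_ips):
    """Map each watched IP that sent a valid SSDP reply to the service types it advertised."""
    found = {}
    for ip, raw in replies:
        headers = parse_ssdp_reply(raw)
        if headers and ip in watched_ips:
            found.setdefault(ip, set()).add(headers.get("st", "unknown"))
    return {ip: sorted(sts) for ip, sts in found.items()}

def probe(timeout=3.0):
    """Send one M-SEARCH on the local segment and collect (source_ip, raw_reply) pairs."""
    replies = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(M_SEARCH, SSDP_GROUP)
        try:
            while True:
                raw, (ip, _port) = sock.recvfrom(65507)
                replies.append((ip, raw))
        except socket.timeout:
            pass  # no more replies within the timeout
    return replies

# Constructed sample replies, not captured from a real device.
SAMPLE_REPLIES = [
    ("192.168.1.1", b"HTTP/1.1 200 OK\r\nST: upnp:rootdevice\r\nUSN: uuid:constructed-1\r\n\r\n"),
    ("192.168.1.1", b"HTTP/1.1 200 OK\r\nST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n\r\n"),
    ("192.168.1.50", b"HTTP/1.1 200 OK\r\nST: upnp:rootdevice\r\n\r\n"),  # another LAN host
    ("192.168.1.1", b"garbage"),  # malformed datagram, must be ignored
]

if __name__ == "__main__":
    # Assumption: 192.168.1.1 stands in for the router's LAN address.
    print(upnp_still_answering(probe(), {"192.168.1.1"}) or "no SSDP reply from router")
```

An empty result for the router's address after the change indicates the UPnP service is no longer responding to discovery on that segment.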