Three models of Cisco wireless VPN firewalls and routers from the small business RV series contain a critical unpatched vulnerability that attackers can exploit remotely to take control of devices.

The vulnerability is located in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130W Wireless-N Multifunction VPN Router and RV215W Wireless-N VPN Router.

It can be easily exploited if the affected devices are configured for remote management since attackers only need to send an unauthenticated HTTP request with custom user data. This will result in remote code execution as root, the highest privileged account on the system, and can lead to a complete compromise.

To read this article in full or to leave a comment, please click here

Source: Security