Researchers have noted numerous security issues in multiple Cisco Small Business Routers. Since the vendors have now fixed the flaws, users must quickly update their devices to the latest firmware.
As confirmed by Cisco in an advisory, Cisco Small Business Routers exhibited numerous security issues. Cisco came to know of these issues via reports from security researchers who found the flaws.
Specifically, three major security glitches were discovered in the Cisco RV320 and RV325 Dual Gigabit WAN VPN Routers firmware.
One of these problems was the presence of static certificates and keys. According to the advisory,
Though, all three certificates only served the intended testing purposes. The developers inadvertently shipped these certificates with the firmware.
The other major vulnerability in these routers was the presence of hardcoded password hashes.
Anyone with access to the base operating system could easily gain root access on the target device by exploiting this flaw.
Cisco also disclosed similar issues affecting the RV016, RV042, RV042G, and RV082 Routers in another informational advisory.
Apart from the two security issues discussed above, Cisco also addressed numerous vulnerabilities affecting Third-party software (TPS) components. These vulnerabilities existed in the firmware of all these routers.