Do you own one of these Cisco products?

  • The RV110W Wireless-N VPN Firewall
  • The RV130 VPN Router
  • The RV130W Wireless-N Multifunction VPN Router
  • The RV215W Wireless-N VPN Router

If so, be advised that a new and critical security vulnerability has been found that impacts your equipment.  It is being tracked as CVE-2022-20825.  With a severity rating of 9.8 out of a possible 10, it's about as serious an issue as it's possible to have.

What is worse is that because the equipment referenced above is older and at the end of its service life, Cisco announced that there will be no patches to address this recently discovered security vulnerability.

 

Remote management is vulnerable

Per a recent Cisco security advisory, the flaw exists because of insufficient user input validation of incoming HTTP packets on impacted devices.

It should be noted that this flaw only impacts devices that have their web-based remote management interface enabled on WAN connections.  If you're not doing that, then even if you have an older piece of Cisco equipment, you've got nothing to worry about.

If you're not sure whether remote management is enabled or not, just use the following steps. Log into the web management interface and make your way to "Basic Settings" and then "Remote Management."  From there, just verify whether the box is checked or not and you're all set.

In cases like these, we do wish companies were willing to be a bit more flexible. However, on the other hand, it's easy to see how an offer of more time would be abused. So, while we feel your pain if you own one of the impacted devices and we also understand why Cisco is taking a hard line and not granting any wiggle room.

 

My perspective

All that to say, if you're still using one of the devices referenced above, upgrade to a newer piece of equipment as soon as possible.

 

As Porky would say: "Th-Th-Th-That's all folks!"

 

By Denis Wilson

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support

Thanks for reading this post. I always take into mind that your time and attention are precious. And these posts need to be timely, to the point, and short.

For more tips on thriving with small business technology, check out the other blog posts at DWPIA Blogs. You can also find me on LinkedIn, Facebook, and Twitter

I am also a published author and speaker on cloud computing, work-at-home, and cybersecurity. I work extensively with business and professional associations to provide free small business technology education programs.

 

Contact me if you would like me to speak to your association