Do you own one or more of the following products made by Cisco?
- The RV110W Wireless-N VPN Firewall
- The RV130 VPN Router
- The RV130W Wireless-N Multifunction VPN Router
- The RV215W Wireless-N VPN Router
If so, be advised that a new and critical security vulnerability has been found that impacts your equipment. It is being tracked as CVE-2022-20825. With a severity rating of 9.8 out of a possible 10, it’s about as serious an issue as it’s possible to have.
What is worse is that because the equipment referenced above is older and at the end of its service life, Cisco announced that there will be no patches to address this recently discovered security vulnerability.
Per a recent Cisco security advisory, the flaw exists because of insufficient user input validation of incoming HTTP packets on impacted devices.
It should be noted that this flaw only impacts devices that have their web-based remote management interface enabled on WAN connections. If you’re not doing that, then even if you have an older piece of Cisco equipment, you’ve got nothing to worry about.
If you’re not sure whether remote management is enabled or not, just use the following steps. Log into the web management interface and make your way to “Basic Settings” and then “Remote Management.” From there, just verify whether the box is checked or not and you’re all set.
In cases like these, we do wish companies were willing to be a bit more flexible. However, on the other hand, it’s easy to see how an offer of more time would be abused. So while we feel your pain if you own one of the impacted devices and we also understand why Cisco is taking a hard line and not granting any wiggle room.
All that to say, if you’re still using one of the devices referenced above, upgrade to a newer piece of equipment as soon as possible.