Hackers are going after Cisco RV320/RV325 routers using a new exploit

Security researchers have observed ongoing internet scans and exploitation attempts against Cisco RV320 and RV325 WAN VPN routers, two models very popular among internet service providers and large enterprises.

ttacks started on Friday, January 25, after security researcher David Davidson published a proof-of-concept exploit for two Cisco RV320 and RV325 vulnerabilities.

The vulnerabilities are:

  • CVE-2019-1653 – allows a remote attacker to get sensitive device configuration details without a password.
  • CVE-2019-1652 – allows a remote attacker to inject and run admin commands on the device without a password.

Both vulnerabilities were discovered and privately reported to Cisco by Germany security firm RedTeam Pentesting [123]. Cisco released patches for both issues on Wednesday, January 23 [12].

Read more…
Source: ZDNet