Cisco says it won’t patch these dangerous VPN security flaws in its SMB routers
Users should just upgrade to newer kit, Cisco advisory says
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Cisco has said it won’t be issuing any further updates for three vulnerable routers which could apparently allow an unauthenticated, remote attacker to bypass authentication controls and access the IPSec VPN network.
Customers of the networking giant should check out if their set-ups include the RV110W Wireless-N VPN Firewall, the RV130 VPN Router, the RV130W Wireless-N Multifunction VPN Router, and the RV215W Wireless-N VPN Router.
On the plus side, Cisco said its security team is not aware of any public announcements or malicious use of the vulnerability, which was given a severity rating of medium, which is described inthis advisory.
Router security
Cisco recommends possibly impacted users should migrate to Cisco Small Business RV132W, RV160, or RV160W routers.
For those currently low on funds, unfortunately, there are no workarounds that address this vulnerability according to Cisco.
Users of the routers in question may have at least gotten a good amount of bang for their buck.
The networking giant hasn’t sold the RV110W and RV130 since 2017, and only officially ended support for them in 2022.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Cisco confirms it was hit by a cyberattack, company data stolen>Cisco confirms plan to exit Russia permanently>Our guide to the best endpoint protection
Unfortunately, networking hardware remains an extremely common endpoint for cyber criminals to try and gain access to organizations and as a result, it’s a good idea to keep your hardware filled patched at all times.
You can check if the vulnerability impacts you by logging into the web-based management interface and choosing “VPN > IPSec VPN Server > Setup”.
If the Server Enable check box is checked, the IPSec VPN Server is enabled on the device, potentially putting you in danger.
Will McCurdy has been writing about technology for over five years. He has a wide range of specialities including cybersecurity, fintech, cryptocurrencies, blockchain, cloud computing, payments, artificial intelligence, retail technology, and venture capital investment. He has previously written for AltFi, FStech, Retail Systems, and National Technology News and is an experienced podcast and webinar host, as well as an avid long-form feature writer.
Should your VPN always be on?
3 reasons why PIA fell in our best VPN rankings
Sonos Arc Ultra review: the best one-box Dolby Atmos soundbar for the price, with one grating flaw
