Cisco warns of XSS flaw in end-of-life small business routers
April 06, 2024
Cisco warns customers of Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site scripting flaw.
Cisco warns of a Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 routers Cross-Site scripting (XSS) flaw.
The medium severity issue, tracked as CVE-2024-20362 (CVSS score 6.1), resides in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers. An unauthenticated, remote attacker can conduct a cross-site scripting (XSS) attack against a user of the interface.
The IT giant pointed out that the impacted devices are end-of-life (EoL) RV series small business routers and the company will not release software updates to fix the problem. There are no workarounds that address this vulnerability.
“This vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to visit specific web pages that include malicious payloads.” reads the advisory. “A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.”
The flaw impacts all
software releases for the following Cisco RV Series Small Business Routers:- RV016 Multi-WAN VPN Routers
- RV042 Dual WAN VPN Routers
- RV042G Dual Gigabit WAN VPN Routers
- RV082 Dual WAN VPN Routers
- RV320 Dual Gigabit WAN VPN Routers
- RV325 Dual Gigabit WAN VPN Routers
To mitigate this vulnerability on Cisco Small Business RV320 and RV325 Routers, the company recommends disabling remote management. To mitigate this vulnerability on Cisco Small Business RV016, RV042, RV042G, and RV082 Routers the company recommends disabling remote management and block access to ports 443 and 60443. The routers will still be accessible through the LAN interface after implementing the mitigation.
Cisco is not aware of attacks in the wild exploiting this vulnerability, so the company urges customers to migrate to a supported product.
The company confirmed that this vulnerability does not affect the following RV Series Small Business Routers:
- RV160 VPN Routers
- RV160W Wireless-AC VPN Routers
- RV260 VPN Routers
- RV260P VPN Routers with PoE
- RV260W Wireless-AC VPN Routers
- RV340 Dual WAN Gigabit VPN Routers
- RV340W Dual WAN Gigabit Wireless-AC VPN Routers
- RV345 Dual WAN Gigabit VPN Routers
- RV345P Dual WAN Gigabit PoE VPN Routers
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, routers)