Tuesday, March 2, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Privacy

New Exploit Threatens Over 9,000 Hackable Cisco RV320/RV325 Routers Worldwide

January 28, 2019
in Internet Privacy
New Exploit Threatens Over 9,000 Hackable Cisco RV320/RV325 Routers Worldwide
586
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Credit: The Hacker News

If the connectivity and security of your organization rely on Cisco RV320 or RV325 Dual Gigabit WAN VPN routers, then you need to immediately install the latest firmware update released by the vendor last week.

You might also like

Chinese Hackers Targeted India’s Power Grid Amid Geopolitical Tensions

Why do companies fail to stop breaches despite soaring IT security investment?

Gootkit RAT Using SEO to Distribute Malware Through Compromised Sites

Cyber attackers have actively been exploiting two newly patched high-severity router vulnerabilities in the wild after a security researcher released their proof-of-concept exploit code on the Internet last weekend.

The vulnerabilities in question are a command injection flaw (assigned CVE-2019-1652) and an information disclosure flaw (assigned CVE-2019-1653), a combination of which could allow a remote attacker to take full control of an affected Cisco router.

The first issue exists in RV320 and RV325 dual gigabit WAN VPN routers running firmware versions 1.4.2.15 through 1.4.2.19, and the second affects firmware versions 1.4.2.15 and 1.4.2.17, according to the Cisco’s advisory.

Both the vulnerabilities, discovered and responsibly reported to the company by German security firm RedTeam Pentesting, actually resides in the web-based management interface used for the routers and are remotely exploitable.

  • CVE-2019-1652—The flaw allows an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands on the system.
  • CVE-2019-1653—This flaw doesn’t require any authentication to reach the router’s web-based management portal, allowing attackers to retrieve sensitive information including the router’s configuration file containing MD5 hashed credentials and diagnostic information.

The PoC exploit code targeting Cisco RV320/RV325 routers published on the Internet first exploits CVE-2019-1653 to retrieve the configuration file from the router to obtain its hashed credentials and then exploits CVE-2019-1652 to execute arbitrary commands and gain complete control of the affected device.

Researchers from cybersecurity firm Bad Packets said they found at least 9,657 Cisco routers (6,247 RV320 and 3,410 RV325) worldwide that are vulnerable to the information disclosure vulnerability, most of which located in the United States.

The firm shared an interactive map, showing all vulnerable RV320/RV325 Cisco routers in 122 countries and on the network of 1,619 unique internet service providers.

Bad Packets said its honeypots detected opportunistic scanning activity for vulnerable routers from multiple hosts from Saturday, suggesting the hackers are actively trying to exploit the flaws to take full control of the vulnerable routers.

The best way to protect yourself from becoming the target of one such attack is to install the latest Cisco RV320 and RV325 Firmware release 1.4.2.20 as soon as possible.

Administrators who have not yet applied the firmware update are highly recommended to change their router’s admin and WiFi credentials considering themselves already compromised.


Credit: The Hacker News By: noreply@blogger.com (Mohit Kumar)

Previous Post

Data-driven Marketing Strategy: Spatial Analytics for Micro-marketing

Next Post

Japanese government plans to hack into citizens' IoT devices

Related Posts

Chinese Hackers Targeted India’s Power Grid Amid Geopolitical Tensions
Internet Privacy

Chinese Hackers Targeted India’s Power Grid Amid Geopolitical Tensions

March 2, 2021
Why do companies fail to stop breaches despite soaring IT security investment?
Internet Privacy

Why do companies fail to stop breaches despite soaring IT security investment?

March 2, 2021
Gootkit RAT Using SEO to Distribute Malware Through Compromised Sites
Internet Privacy

Gootkit RAT Using SEO to Distribute Malware Through Compromised Sites

March 2, 2021
SolarWinds Blames Intern for Weak Password That Led to Biggest Attack in 2020
Internet Privacy

SolarWinds Blames Intern for Weak Password That Led to Biggest Attack in 2020

March 1, 2021
Cisco Releases Security Patches for Critical Flaws Affecting its Products
Internet Privacy

Cisco Releases Security Patches for Critical Flaws Affecting its Products

February 27, 2021
Next Post
Japanese government plans to hack into citizens’ IoT devices

Japanese government plans to hack into citizens' IoT devices

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

The case for Bayesian Learning in mining
Machine Learning

The case for Bayesian Learning in mining

March 2, 2021
Scientists have built this ultrafast laser-powered random number generator
Internet Security

Scientists have built this ultrafast laser-powered random number generator

March 2, 2021
Companies in the Global Data Science Platforms Resorting to Product Innovation to Stay Ahead in the Game
Data Science

Companies in the Global Data Science Platforms Resorting to Product Innovation to Stay Ahead in the Game

March 2, 2021
Aries becomes next Hyperledger project graduating to active status
Blockchain

Aries becomes next Hyperledger project graduating to active status

March 2, 2021
Government trialling machine learning tech to detect pests at shipping ports
Machine Learning

Government trialling machine learning tech to detect pests at shipping ports

March 2, 2021
Data Annotation Service: a Potential and Problematic Industry Behind AI | by ByteBridge
Neural Networks

Data Annotation Service: a Potential and Problematic Industry Behind AI | by ByteBridge

March 2, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • The case for Bayesian Learning in mining March 2, 2021
  • Scientists have built this ultrafast laser-powered random number generator March 2, 2021
  • Companies in the Global Data Science Platforms Resorting to Product Innovation to Stay Ahead in the Game March 2, 2021
  • Aries becomes next Hyperledger project graduating to active status March 2, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates