Cisco warns of vulnerabilities in its routers

Cisco has warned of four vulnerabilities, among which one critical, in the web-based management interfaces of three products, including a firewall and two wireless routers (models RV110W, RV130W and RV215W).

"The vulnerability is due to improper input validation of certain parameters that are sent to an affected device via the HTTP GET or HTTP POST method. An unauthenticated, remote attacker could exploit this vulnerability by persuading a user to follow a link that is designed to submit malicious input to an affected device," Cisco said in its advisory." A successful exploit could allow the attacker to execute arbitrary script in the context of the web-based management interface for the device or allow the attacker to access sensitive browser-based information."

"An attacker could exploit this vulnerability by sending an HTTP request that contains configuration commands with a crafted payload," Cisco said. "A successful exploit could allow the attacker to cause a buffer overflow on the targeted system, which could cause the device to reload unexpectedly and result in a DoS condition."

Currently, there are no patches for the flaw. Cisco promised to issue a fix soon. In order to reduce the chance of being hacked, router owners can disable remote management capabilities.

Read more -here-

• Apple's new accessibility features let you control an iPhone or iPad with your eyes
• Comcast unveils streaming bundle that includes Apple TV+, Peacock and Netflix
• John Deere says solar storm compromised GPS tracking on tractors
• Dell confirms database hacked - hacker says 49 million customers hit
• Google releases emergency fix for new Chrome zero-day flaw
• Disney+, Hulu and Max team up for streaming bundle package