Cisco warns of vulnerabilities in its routers

Cisco has warned of four vulnerabilities, among which one critical, in the web-based management interfaces of three products, including a firewall and two wireless routers (models RV110W, RV130W and RV215W).

"The vulnerability is due to improper input validation of certain parameters that are sent to an affected device via the HTTP GET or HTTP POST method. An unauthenticated, remote attacker could exploit this vulnerability by persuading a user to follow a link that is designed to submit malicious input to an affected device," Cisco said in its advisory." A successful exploit could allow the attacker to execute arbitrary script in the context of the web-based management interface for the device or allow the attacker to access sensitive browser-based information."

"An attacker could exploit this vulnerability by sending an HTTP request that contains configuration commands with a crafted payload," Cisco said. "A successful exploit could allow the attacker to cause a buffer overflow on the targeted system, which could cause the device to reload unexpectedly and result in a DoS condition."

Currently, there are no patches for the flaw. Cisco promised to issue a fix soon. In order to reduce the chance of being hacked, router owners can disable remote management capabilities.

Read more -here-

• OpenAI explores advertising as it steps up revenue drive
• Australia passes social media ban for children under 16
• SpaceX gets FCC green light for Starlink direct-to-phone deal with T-Mobile
• Intel will receive up to $7.9 billion in CHIPS Funding
• Sony is reportedly working on a PS5 portable
• WhatsApp now rolling out voice message transcripts to all users