
Cisco Routers RV320 and RV325 Are Being Targeted

Attacks on Cisco RV320 and RV325 routers began on the 25th of January, just a few hours after a researcher released a PoC for the two devices. The first vulnerability, CVE-2019-1652, gave attackers the ability to plant and run administrator commands without supplying a password. The second, CVE-2019-1653, likewise required no password and exposed the device's configuration details. Chained together, the two vulnerabilities can lead to a total takeover of the targeted device. Tracking of exposed devices found that 6,247 Cisco RV320 and 3,410 RV325 devices were susceptible to the vulnerabilities. “Due to the sensitive nature of these vulnerabilities, the IP addresses of the affected Cisco RV320/RV325 routers will not be published publicly. However, the list is freely available for authorized CERT teams to review. We’ve shared our findings directly with Cisco PSIRT and US-CERT for further investigation and remediation,” one of the researchers explained.

Analyst Notes

Users who may be affected are advised to update their devices to the latest firmware, version 14.2.20, and to change their passwords.