Cisco is warning customers who use their small business routers to update the firmware to fix bugs that could allow root-level attackers to access the devices.
The critical bugs affect the Cisco Small Business VPN16 Routers RV160, RV160W, RV260, RV260P, and RV260W. These were the Cisco models Recommended customers using unsupported small business routers to move to last month.
There are several bugs in the routers’ web administrative interface that could allow remote attackers to run code as the root user. The devices do not properly validate HTTP requests, so an attacker could send specially crafted HTTP requests that could potentially exploit the flaw.