owners of Small Business RV routers to upgrade to newer models, since a critical vulnerability was discovered in the old ones, which the manufacturer will not fix.
The vulnerability (CVE-2022-20825) exists due to a boundary error when processing HTTP packets. A remote unauthorized attacker can send specially created HTTP packets to the web management interface, cause buffer overflow and execute arbitrary code. Successful exploitation of the vulnerability can lead to a complete compromise of the vulnerable system.
The problem affects four models of Small Business RV series routers – RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunctional VPN Router and RV215W Wireless-N VPN Router. Only devices with a web interface for remote control activated over a WAN connection are vulnerable.
Although the remote control function is disabled by default in the settings, a search in Shodan reveals many vulnerable models available via the Internet.
Cisco has stated that it will not release a patch for CVE-2022-20825 for more unsupported devices. The only way to secure older models is to disable remote management via WAN.
Users are advised to make changes to the configuration settings until they can upgrade to newer, Cisco-supported models of Cisco Small Business RV132W, RV160 or RV160W Routers.