Hackers Are Going After Cisco RV110, RV130, and RV215 Routers

Cybercriminals always look for vulnerabilities in routers, and if they find one, it becomes an easy target for them.

We have seen how the hackers were not only scratching the surface, they had set their eyes on how to compromise devices for their malicious activities. They dig vulnerabilities in routers to conduct hacking campaigns.

In 2018 we saw some high profile campaigns of router attacks. The VPNFilter, a malware suspected to be the work of Russians, and the FBI issued a warning to businesses and households to immediately reboot routers to counter the threat.

Nevertheless, it looks like many didn’t heed this warning and that left routers in a vulnerable situation. According to Avast’s Threat Landscape Report for 2019, it suggests that 60 percent of users have never updated their routers firmware, thus exposing themselves to simple vulnerabilities.

Now this latest report from ZDNet, reveals further.

Two days after Cisco patched a critical vulnerability in a well-liked emblem of SOHO routers, and someday after the newsletter of proof-of-concept code, hackers have begun scans and assaults exploiting the mentioned safety computer virus to take over unpatched gadgets.

The vulnerability tracked as CVE-2019-1663, used to be of notice when it got here out on February 27 as it gained a severity ranking from the Cisco group of 9.8 out of 10.

It gained this kind of prime score since the computer virus is trivial to take advantage of and does now not require complex coding talents and sophisticated assault routines; it bypasses authentication procedures altogether; and routers may also be attacked remotely, over the web, without attackers desiring to be bodily provided at the identical native community because the susceptible tool.

Affected fashions come with the Cisco RV110, RV130, and RV215, all of that are WiFi routers deployed in small companies and home properties.

Because of this, the house owners of those gadgets would possibly not most probably be keeping track of Cisco safety signals, and these types of routers will stay unpatched –unlike in massive company environments the place IT staff would have already deployed the Cisco fixes.

In step with a scan through cyber-security company Rapid7, there are over 12,000 of those gadgets readily to be had online, with the overwhelming majority positioned in America, Canada, India, Argentina, Poland, and Romania.

All of those gadgets are actually beneath assault, in step with cyber-security company Unhealthy Packets, which reported detecting scans on March 1.

The corporate detected hackers scanning for some of these routers the use of an exploit that used to be printed an afternoon previous at the weblog of Pen Take a look at Companions, a UK-based cyber-security company.

It used to be probably the most Pen Take a look at Companions’ researchers, alongside two different Chinese language safety mavens, who discovered this actual vulnerability ultimate yr.

In its weblog publish, Pen Take a look at Companions blamed the foundation reason behind CVE-2019-1663 on Cisco coders the use of an infamously insecure serve as of the C programming language -namely strcpy (string replica).

The corporate’s weblog publish incorporated an evidence of ways the use of this C programming serve as left the authentication mechanism of the Cisco RV110, RV130, and RV215 routers open to a buffer overflow that allowed attackers to flood the password box and fasten malicious instructions that were given achieved with admin rights all through authentication procedures.

Attackers who learn the weblog publish seem to be the use of the instance supplied within the Pen Take a look at Companions article to take over susceptible gadgets.

Any proprietor of those gadgets will wish to observe updates once imaginable. In the event that they consider their router has already been compromised, reflashing the tool firmware is really helpful.

Related Resources:

Hacker Group Has Been Hacking DNS Traffic on D-Link Routers