Cisco says it won’t fix zero-day RCE in end-of-life VPN routers

Cisco advises owners of end-of-life Small Business RV routers to upgrade to newer models after disclosing a remote code execution vulnerability that will not be patched.

The vulnerability is tracked as CVE-2022-20825 and has a CVSS severity rating of 9.8 out of 10.0.

According to a Cisco security advisory, the flaw exists due to insufficient user input validation of incoming HTTP packets on the impacted devices.

An attacker could exploit it by sending a specially crafted request to the web-based management interface, resulting in command execution with root-level privileges.

Impact and remediation

The vulnerability impacts four Small Business RV Series models, namely the RV110W Wireless-N VPN Firewall, the RV130 VPN Router, the RV130W Wireless-N Multifunction VPN Router, and the RV215W Wireless-N VPN Router.

This vulnerability only affects devices with the web-based remote management interface enabled on WAN connections.

While the remote management feature is not enabled in the default configuration, brief searches using Shodan found exposed devices.

To determine whether remote management is enabled, admins should log in to the web-based management interface, navigate to “Basic Settings > Remote Management,” and verify the state of the relevant check box.

Cisco states that they will not be releasing a security update to address CVE-2022-20825 as the devices are no longer supported. Furthermore, there are no mitigations available other than to turn off remote management on the WAN interface, which should be done regardless for better overall security.

Users are advised to apply the configuration changes until they migrate to Cisco Small Business RV132W, RV160, or RV160W Routers, which the vendor actively supports.

Cisco warned last year that admins should upgrade to newer models after disclosing that they would not fix a critical vulnerability in Universal Plug-and-Play (UPnP) service.

This week, Cisco patched a critical vulnerability in Cisco Secure Email that could allow attackers to bypass authentication and login into the web management interface of the Cisco email gateway.

Source :