Cisco said yesterday that it would not release firmware updates to fix 74 vulnerabilities reported to exist in RV routers that have reached the end of their life cycle (EOL).
Affected devices include Cisco Small Business RV110W, RV130, RV130W and RV215W systems, which can be used as both routers or firewalls and as VPNs. All four systems reached their EOL in 2017 and 2018.
In three security advisories published yesterday, Cisco said that since December, it has received bug reports for vulnerabilities ranging from simple issues. denial of service to security vulnerabilities that could be exploited by them hacker to access root accounts and to invade routers.
In total, Cisco said it received 74 bug reports, but that it would not release software patches, mitigations or solutions as Appliances had long ago reached their EOL.
Instead, the company advised customers to move to newer devices, such as the RV132W, RV160 or RV160W models, which provide them with exactly the same possibilities and which are still supported actively from company.
Some of the customers may not like the company decision, but the good news is that none of these errors can be utilized easily.
Cisco said all vulnerabilities require an attacker to have them credentials of the device, which reduces the risk of attacks on networks in the coming weeks or months, giving administrators the opportunity to design and prepare a relocation plan to a newer equipment, or at least to develop their own countermeasures.
The CVE of errors that Cisco refused to fix on the routers are listed below:
Source of information: zdnet.com