Cisco patched a severe vulnerability in a popular brand of SOHO routers just two days ago, and proof-of-concept code was published a day ago. Hackers have now started scans and attacks that exploit the security bug to take over unpatched devices.
The vulnerability, tracked as CVE-2019-1663, received a severity score of 9.8 out of 10 from the Cisco team. The rating is high because the bug is trivial to exploit and requires neither advanced coding skills nor complicated attack routines. It bypasses authentication procedures altogether, and routers can be attacked remotely over the internet, without the attacker needing to be physically present at the location.
The models that were affected include the Cisco RV110, RV130, and RV215, which are WiFi routers deployed in small businesses and residential homes.
Owners of these devices are less likely to watch for security alerts, so most of these routers will remain unpatched, unlike in large organizations, where IT personnel would have already patched the flaws.
The cyber-security firm Rapid7 stated that there are more than 12,000 of these devices available online, located mainly in the US, Canada, India, Argentina, Poland, and Romania. All these devices are now under attack, according to reports from the cyber-security firm Bad Packets.
The hackers are scanning for these types of routers using an exploit that was published on the blog of Pen Test Partners, a UK-based cyber-security firm.
In its blog post, Pen Test Partners attributed the root cause of CVE-2019-1663 to Cisco coders using an infamously insecure function of the C programming language, namely strcpy (string copy).
The post also explained how using this C function left the authentication mechanism of the Cisco RV110, RV130, and RV215 routers open to a buffer overflow that permitted attackers to flood the password field and attach malicious commands that were executed with admin rights during authentication procedures.
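The strcpy defect class described above, reduced to a minimal C sketch beside a bounded version. This is an added example, not Cisco's firmware or Pen Test Partners' code; the 64-byte buffer, the stored password and all function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names and sizes; not taken from the router firmware. */
#define PWD_BUF_LEN 64
enum auth_result { AUTH_OK, AUTH_FAIL, AUTH_REJECT_TOO_LONG };
static const char stored_pwd[] = "constructed-sample-password";

/* Before: strcpy copies until the source's NUL terminator, so a password
 * field longer than 63 bytes writes past buf into adjacent stack memory. */
enum auth_result check_password_unsafe(const char *pwd_field)
{
    char buf[PWD_BUF_LEN];
    strcpy(buf, pwd_field); /* unbounded copy: the defect */
    return strcmp(buf, stored_pwd) == 0 ? AUTH_OK : AUTH_FAIL;
}

/* After: find the terminator within the buffer size and refuse the
 * request before copying anything if it is not there. */
enum auth_result check_password_safe(const char *pwd_field)
{
    char buf[PWD_BUF_LEN];
    const char *end = memchr(pwd_field, '\0', sizeof buf);
    if (end == NULL)
        return AUTH_REJECT_TOO_LONG;
    size_t len = (size_t)(end - pwd_field);
    memcpy(buf, pwd_field, len + 1); /* len + 1 <= 64, includes the NUL */
    return strcmp(buf, stored_pwd) == 0 ? AUTH_OK : AUTH_FAIL;
}

int main(void)
{
    char oversized[512]; /* constructed input, 511 bytes plus NUL */
    memset(oversized, 'A', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';
    /* Only the bounded version is exercised; the unsafe one is shown for contrast. */
    printf("correct:   %d\n", check_password_safe(stored_pwd));
    printf("wrong:     %d\n", check_password_safe("guess"));
    printf("oversized: %d\n", check_password_safe(oversized));
    return 0;
}
```

Compiling with `-D_FORTIFY_SOURCE=2 -fstack-protector-strong` limits the impact of a missed unbounded copy, but the length check before the copy is what removes the defect.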
Anyone who owns one of these devices is strongly advised to apply the updates as soon as possible. Those who think their router has already been compromised should reflash the device firmware.