Skip to content

Cisco has stated that it has no plans to address these critical VPN security flaws in its SMB routers

Photo by Kvistholt Photography / Unsplash

Cisco has announced it will no longer issue updates for three vulnerable routers, which could potentially allow an unauthenticated, remote attacker to bypass authentication controls and gain access to the IPSec VPN network.

The networking giant recommends its customers verify that they are using the RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router in their networks.

The Cisco security team has stated that they are unaware of any public disclosures or malicious uses of the vulnerability described in this advisory, which has a severity rating of medium.

Users who may be affected are encouraged by Cisco to upgrade to the RV132W, RV160, or RV160W Small Business Routers.

Unfortunately, Cisco reports that there are currently no workarounds available to address this vulnerability for those with limited financial resources.

It's possible that the users of the aforementioned routers got a decent return on their investment.

The RV110W and RV130 have not been available for purchase from the networking giant since 2017, and will no longer receive security patches or other updates after 2022.

Keeping your networking hardware up to date with the latest patches is important because hackers continue to target it as an entry point into your network.

By accessing the "VPN > IPSec VPN Server > Setup" menu item in the web-based management interface, you can determine if the flaw affects your system.

Checking this box will enable the device's IPSec VPN server, which could put your data at risk.