Cisco pulls a Tim Cook; Buy grandma a new router


We all replace our routers regularly, right?

There are four small/medium business routers made by Cisco five years ago that have a flaw in their password validation algorithm. If exploited, an attacker can use it to access the device’s IPSec VPN without the tedious authentication most people expect to be required to do so. Indeed, it gives full administrative access to that part of the router, and once they get the VPN under control, they can do all sorts of damage.

Cisco isn’t going to patch this.

Their rationale is that the kit is old, the most recent to reach EOL this year, and so Cisco feels justified in no longer supporting the four affected routers, even though some were still sold after their official EOL. Those four models are the RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router.


Leave a Comment