CSCvm78058
October 5, 2018
January 22, 2019
| Model | Firmware Version | Fixed In |
|-------|------------------|----------|
| RV320 | 1.4.2.15 | 1.4.2.20 |
| RV325 | 1.4.2.15 | 1.4.2.20 |
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands.
The vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious HTTP POST requests to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux shell as root.
Cisco fixed this vulnerability in RV320 and RV325 Dual Gigabit WAN VPN routers firmware releases 1.4.2.20 and later.
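To check a set of routers against the fixed release stated above, the following added example (not Cisco's code) classifies each device in an inventory by model and firmware version. The CSV layout, the host names, the status labels and every firmware value other than 1.4.2.15 and 1.4.2.20 are constructed assumptions.

```python
import csv
import io

# From the advisory table: model -> (listed firmware, first fixed release).
ADVISORY = {"RV320": ("1.4.2.15", "1.4.2.20"), "RV325": ("1.4.2.15", "1.4.2.20")}

def parse_version(text):
    """Turn '1.4.2.20' or 'v1.4.2.20' into a tuple of ints; None if malformed."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(model, firmware):
    """Return 'fixed', 'affected', 'below-fixed', 'unparsed' or 'not-covered'."""
    entry = ADVISORY.get(model.strip().upper())
    if entry is None:
        return "not-covered"      # model is not named in this advisory
    version = parse_version(firmware)
    if version is None:
        return "unparsed"         # needs a manual check, never assume fixed
    listed, fixed = (parse_version(v) for v in entry)
    if version >= fixed:          # numeric compare, so 1.4.2.9 < 1.4.2.20
        return "fixed"
    if version == listed:
        return "affected"
    # Older than the fixed release, but the advisory does not list this version.
    return "below-fixed"

def audit(inventory_csv):
    """Map each host in a host,model,firmware CSV to its classification."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: classify(row["model"], row["firmware"]) for row in reader}

# Constructed sample inventory (hosts and non-listed versions are made up).
SAMPLE = """host,model,firmware
gw-branch1,RV325,1.4.2.15
gw-branch2,RV320,v1.4.2.20
gw-branch3,rv320,1.4.2.9
gw-branch4,RV325,unknown
gw-lab,OTHER-RTR,2.0.0.1
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Devices reported as `affected`, `below-fixed` or `unparsed` are the ones to review for the upgrade to 1.4.2.20 or later.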
Customers can download the firmware from the RV320 and RV325 product pages or from Software Center on Cisco.com. The steps below show how to download firmware version 1.4.2.20 from the product page.
Step 1. Open the link for either the RV320 or RV325 product page.
Note: This example uses the Cisco RV325 Dual Gigabit WAN VPN Router product page.
Step 2. Scroll down the page. The link should automatically bring you to the Downloads tab. If the link does not bring you to the Downloads tab, press the Downloads tab located next to the Documentation and Communities tab.
Step 3. Click the Downloads button next to the firmware version 1.4.2.20. The firmware version 1.4.2.20 should automatically start downloading.
Note: A notice will appear, “By downloading this file you acknowledge that you have read and agree to be bound by the terms and conditions of the Cisco End User License Agreement.”
Step 4. The firmware will be downloaded to your Downloads folder on your computer.
Step 5. For instructions on how to upgrade your firmware version on the RV320 and RV325 Dual Gigabit WAN VPN Routers, click the link to see the article: Firmware Management on RV320 and RV325 VPN Router Series.
To escalate an issue, contact the Cisco Small Business Support Center (SBSC).