More Cisco SMB router ranges have serious security flaws TechRadar Skip to main content TechRadar is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Here's why you can trust us. More Cisco SMB router ranges have serious security flaws By Sead Fadilpašić published 5 August 2022 Three flaws found in four series of Cisco SMB routers (Image credit: Shutterstock.com) Audio player loading… Cisco has announced fixes for three major vulnerabilities found in four different series of its SMB routers (opens in new tab). The flaws, should they be exploited, would have allowed threat actors to launch code remotely, or trigger denial of service attacks. Those that are unable to patch immediately are out of luck - there are no workarounds for these flaws, and the only way to mitigate the threat is to apply the fixes. High-severity flaws galore In Cisco's security advisory (opens in new tab), the company said its Small Business RV160, RV260, RV340, and RV345 Series Routers were affected. The flaws include CVE-2022-20827, a web filter database update command injection vulnerability with a severity score of 9.0. "This vulnerability is due to insufficient input validation," Cisco explains. "An attacker could exploit this vulnerability by submitting crafted input to the web filter database update feature. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges." The second flaw is tracked as CVE-2022-20841, an open plug and play command injection vulnerability with a severity score of 8.3. This one is also due to insufficient validation of user-supplied input, and a successful exploit could allow the attacker to run arbitrary commands on an underlying Linux OS. Finally, Cisco fixed CVE-2022-20842, a remote code execution and denial of service vulnerability with a severity score of 9.8. Read more> Cisco will not patch serious security hole in its old VPN routers (opens in new tab) > Cisco tells customers to upgrade VPN routers or risk attack (opens in new tab) > Keep your home or small business secure with the best secure routers out there (opens in new tab) "A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition," the company explained. Cisco urged its users to patch immediately, especially due to the fact that the vulnerabilities are dependent on one another. "Exploitation of one of the vulnerabilities may be required to exploit another vulnerability," the company said. "In addition, a software release that is affected by one of the vulnerabilities may not be affected by the other vulnerabilities."These are the best endpoint protection (opens in new tab) services out there Sead Fadilpašić Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he's written for numerous media outlets, including Al Jazeera Balkans. He's also held several modules on content writing for Represent Communications. See more Computing news Are you a pro? Subscribe to our newsletter Sign up to theTechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Thank you for signing up to TechRadar. You will receive a verification email shortly. There was a problem. Please refresh the page and try again. MOST POPULARMOST SHARED1The iPhone 14 Pro is made of the wrong stuff; the Pixel 7 proves that to me2Stop saying Mario doesn't have an accent in The Super Mario Bros. Movie3Google Pixel Tablet is what Apple should've done ages ago4RTX 4090 too expensive? Nvidia resurrects another old favorite5More than one million credit card details leaked online1The iPhone 14 Pro is made of the wrong stuff; the Pixel 7 proves that to me2iPhone 15 tipped to come with an upgraded 5G chip3If this feature succeeds for Modern Warfare 2, Microsoft can't ignore it4Apple October launches: the new devices we might see this month5The Rings of Power episode 8 trailer feels like one big Sauron misdirect Technology Magazines (opens in new tab)● (opens in new tab)The best tech tutorials and in-depth reviewsFrom$12.99 (opens in new tab)View (opens in new tab)