Number: AV16-016
Date: 27 January 2016
Purpose
The purpose of this alert is to bring attention to recent critical software updates that address a disclosed vulnerability in the Cisco RV220W product.
Assessment
CCIRC is aware of a recently disclosed vulnerability in the Cisco RV220W product.
Cisco RV220W Wireless Security Firewall devices could allow an unauthenticated remote attacker to bypass authentication and gain administrative privileges on a targeted device. This vulnerability could be exploited by sending a crafted HTTP request containing a malicious SQL statement to the management interface of the targeted device.
Affected Product Versions:
Cisco RV220W running firmware releases prior to 1.0.7.2
Non-Affected Product Versions:
Cisco RV120W Wireless-N VPN Firewall
Cisco RV180 VPN-Router
Cisco RV180W Wireless-N Multifunction VPN Router
Suggested action
Due to the elevated risk presented by this vulnerability, CCIRC recommends that system administrators test and deploy the vendor-released firmware update to affected versions accordingly. CCIRC recommends that priority be given to these patches.
References
Cisco RV220W Management Authentication Bypass Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160127-rv220