Cisco Issues Warning About a Critical Vulnerability in Routers

In recent years, internet-connected devices, especially routers and IoT devices, have become prime targets for cybercriminals. In response, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently issued a warning about a critical vulnerability in Cisco Small Business RV series routers – CVE-2023-20118. This vulnerability is already being actively exploited by attackers.

The CVE-2023-20118 vulnerability was discovered in the web management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 routers. It allows attackers to execute command injection, potentially taking full control of the affected system.

The root cause of this vulnerability is improper validation of user-supplied data in HTTP requests (CWE-77), enabling authenticated attackers to execute arbitrary commands with root privileges.

This vulnerability poses several security risks:
✅ Injecting malicious code through specially crafted HTTP requests.
✅ Unauthorized access to the system.
✅ Lateral movement within the network and data theft.

Cisco has announced that these devices have reached End-of-Life (EoL) status and will not receive security updates. As a result, approximately 50,000 devices remain unprotected. CISA has added this vulnerability to its list of “actively exploited vulnerabilities” and has mandated federal agencies to mitigate the risk within 21 days under directive BOD 22-01.

Cisco security experts recommend taking the following critical actions:

✔ Disable remote management – Turn off remote management functionality on RV320 and RV325 routers.

✔ Block specific ports – Close ports 443 and 60443 on RV016, RV042, RV042G, and RV082 models.

✔ Replace outdated routers – Upgrade to newer and supported models such as RV340/RV345.

✔ Restrict access control – Limit router access to trusted IP addresses only.

✔ Monitor logs – Watch for suspicious requests to /login.cgi or /admin and respond to anomalies promptly.

✔ Implement network segmentation – Isolate affected routers and strictly control access rights.

In recent years, cybercriminals have increasingly targeted routers and edge devices due to their lack of regular updates, which can serve as entry points into corporate networks. Security issues with Cisco RV series routers are not new – in 2024, these devices were also affected by an XSS vulnerability (CVE-2024-20362).

Another significant concern is that cybercriminals may exploit this vulnerability to create botnets or infiltrate corporate networks, enabling more sophisticated attacks. For this reason, CISA considers this issue highly critical.

🔹 Use VPN – If remote access is necessary, ensure it is encrypted via VPN.

🔹 Strong passwords and two-factor authentication (2FA) – Set complex passwords and enable 2FA for additional security.

🔹 Network monitoring – Utilize IDS/IPS security systems to continuously monitor network activity.

🔹 Enhance DNS security – Implement DNS filtering to block malicious traffic and prevent phishing attacks.

The CVE-2023-20118 vulnerability presents a severe threat to systems relying on Cisco Small Business routers. It is currently being actively exploited by cybercriminals. The fact that CISA has added it to its Known Exploited Vulnerabilities (KEV) catalog underscores its high-risk nature.

Cybersecurity is an ongoing process. Therefore, all users and organizations must strictly adhere to the recommended security measures to protect their networks!