Do you own any of the following Cisco UPnP (Universal Plug and Play) routers?
- RV110W
- RV130
- RV130W
- Or RV215W
If you do, then you will want to replace your gear as quickly as possible. The small business VPN routers listed above are nearing their end of life and end of support, and the company recently announced that there will be no additional security patches coming.
That's significant because these VPN UPnP routers are plagued by a serious zero-day bug tracked as CVE-2021-34730.
It should be noted that there are no known proof of concept exploits for this vulnerability and there are no known instances of it having been abused by hackers in the wilds. Even so it is just a matter of time before someone somewhere in the world takes advantage of it. This is especially true given that Cisco has specifically indicated that they have no intention of patching the issue.
If you're not in a position where you can upgrade to a newer router, then there is a relatively simple workaround that will eliminate your risk. Be aware that doing so will limit the equipment's utility.
The issue abuses the VPN feature of the routers in question. Simply toggling the VPN service off (disabling it) will protect you from being attacked via this avenue, at least.
If you're not sure how to toggle the VPN setting off, Cisco offered the following on a recent security bulletin.
"To determine whether the UPnP feature is enabled on the LAN interface of a device, open the web-based management interface and navigate to Basic Settings > UPnP. If the Disable check box is unchecked, UPnP is enabled on the device."
The advice is helpful, but it's a pity that Cisco made the decision not to patch the security flaw. Upgrade as quickly as you're able to.
If you need help upgrading or even just evaluating your security posture, give us a call at (214) 227-2437 for a no-nonsense conversation.