Do you own any of the following Cisco UPnP (Universal Plug and Play) routers?
- RV110W
- RV130
- RV130W
- Or RV215W
If you do then you will want to replace your gear as quickly as possible. The small business VPN routers listed above are nearing their end of life and end of support and the company recently announced that there will be no additional security patches coming.
That's significant because these VPN UPnP routers are plagued by a serious zero-day bug tracked as CVE-2021-34730.
It should be noted that there are no known proof of concept exploits for this vulnerability and there are no known instances of it having been abused by hackers in the wilds. Even so it is just a matter of time before someone somewhere in the world takes advantage of it. This is especially true given that Cisco has specifically indicated that they have no intention of patching the issue.
If you're not in a position where you can upgrade to a newer router then there is a relatively simple workaround that will eliminate your risk. Be aware that doing so will limit the equipment's utility.
The issue abuses the VPN feature of the routers in question. Simply toggling the VPN service off (disabling it) will protect you from being attacked via this avenue, at least.
If you're not sure how to toggle the VPN setting off, Cisco offered the following on a recent security bulletin.
"To determine whether the UPnP feature is enabled on the LAN interface of a device, open the web-based management interface and navigate to Basic Settings > UPnP. If the Disable check box is unchecked, UPnP is enabled on the device."
The advice is helpful but it's a pity that Cisco made the decision not to patch the security flaw. Upgrade as quickly as you're able to.
_____________________________________________________________________________________________
STOP OVERPAYING for CABLE and Netflix!
TeQ I.Q. Service Starting at $10 a month!
TeQ I.Q. Service works on "Apple, Android, Roku, Amazon, Computers, and more"
"We Now have TeQ I.Q. VOD+(Video On Demand) for $10 a month. The Best VOD Service!
"If you have Netflix or any other VOD Service you should switch to TeQ I.Q. VOD+ Service"
It is better than Netflix with 5 Connections and 4K and 3D included. Better than all other VOD services with Over 30,000 Movies, including New In Theatre Movies, Over 10,000 TV Series and growing. TeQ I.Q. VOD+ adds Movies and TV Series on Request.
Check out our TeQ I.Q. Services at https://www.teqiq.com/tv
We are giving a Free in Person TeQ Seminar at our office in La Mesa every Wednesday from 12pm-1pm and a Free TeQ Support Q&A from 1pm-2pm. Go to https://www.teqiq.com/events for our upcoming Events and https://www.teqiq.com/seminars for info on each Seminar.
For Free Consultation Call Now Robert Black at (619) 255-4180 or visit our website https://www.teqiq.com/
Chase Bank and Others Trust TeQ I.Q. with their IT and TeQnology so can you!