Cisco will not patch serious security hole in its old VPN routers

“Upgrade to a newer model,” says Cisco

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Cisco has disclosed that some models of its small businessVPN routersship with a vulnerable Universal Plug-and-Play (UPnP) service that can be exploited to either remotely run arbitrary code or cause the device to restart unexpectedly.

However, the company has refused to issue a patch to plug the vulnerability, arguing that the devices have reached end-of-life.

“Cisco has not released and will not release software updates to address the vulnerability described in this advisory,”shared Ciscoin its advisory.

We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and we’d hugely appreciate if you’d share your experiences with us.

Click here to start the survey in a new window«

The zero-day bug, tracked as CVE-2021-34730, and rated with a critical severity score of 9.8, exists due to the improper validation of incoming UPnP traffic, and was reported bycybersecurityresearchers from IoT Inspector Research Lab.

End of the line

Cisco shared that the small businessVPNrouters that are affected by this vulnerability include the RV110W, RV130, RV130W, and RV215W, all of which have reached end-of-life and aren’t actively supported.

The company advises owners of the vulnerable devices to switch to newer, supported versions, namely the RV132W, RV160, and RV160W router.

For what it’s worth though, as far as Cisco’s Product Security Incident Response Team (PSIRT) can tell there are no publicly known exploits of the vulnerability.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Furthermore, the vulnerability can be exploited only if the UPnP service is toggled on in the affected models. While Cisco has shared that the service is enabled by default, to protect themselves against exploits, owners of the vulnerable devices can simply disable the UPnP service.

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Is it still worth using Proton VPN Free?

Mozambique VPN usage soars as internet restrictions continue

I’ve used Genmoji and now I’m convinced Apple Intelligence will be a huge success