Running a Cisco RV320 or RV325 VPN router on your premises? It is highly recommended that you install the latest security patch, as a new exploit targeting vulnerabilities in these VPN routers has surfaced.

The exploit takes advantage of the CVE-2019-1653/CVE-2019-1652 vulnerabilities. The exploit code combines a command injection flaw with a file disclosure flaw, which allows dumping of the plain-text configuration file, which also includes password hashes for the web UI.

CVE-2019-1652: The flaw allows an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands on the system.

CVE-2019-1653: This flaw doesn't require any authentication to reach the router's web-based management portal, allowing attackers to retrieve sensitive information including the router's configuration file containing MD5 hashed credentials and diagnostic information.

Researchers from Bad Packets have also found at least 9657 Cisco routers worldwide that are still operating with the vulnerable firmware, and the majority of such routers are in the United States. The firm also shared a visualization of the vulnerable routers in 122 countries, with networks operated by 1619 unique internet service providers.

It is highly recommended that administrators of such routers update their firmware immediately to prevent any security incident. An example of a failure to patch a critical vulnerability leading to a major data breach is the Equifax incident. The vulnerability exploited then was an Apache Struts vulnerability, and because it was not patched in time, attackers were able to gain a foothold and subsequently exfiltrate sensitive data, leading to one of the biggest data breaches known today.