Cisco Small Business RV016, RV042, RV042G, and RV082 Routers Issues

By GIXnews


Cisco firmware for certain Cisco Small Business RV Series Routers is affected by the following issues:

Certificate and key issued to QNO Technology
Hardcoded password hashes
Multiple vulnerabilities in third-party software (TPS) components

Certificate and Key Issued to QNO Technology

An X.509 certificate with a corresponding public/private key pair was initially found in Cisco RV042 Dual WAN VPN Router firmware. This certificate is issued to third-party entity QNO Technology.

The certificate and keys in question are part of the firmware for the following Cisco products:

RV016 Multi-WAN VPN Router
RV042 Dual WAN VPN Router
RV042G Dual Gigabit WAN VPN Router
RV082 Dual WAN VPN Router

The certificate and keys were used for testing during the development of the firmware; they were never used for live functionality in any shipping version of the product. All shipping versions of the firmware for the affected products use dynamically created certificates instead.

The inclusion of this certificate and keys in shipping software was an oversight by the development team for these routers.

Cisco bug ID: CSCvq34370

Hardcoded Password Hashes

The /etc/shadow file included in Cisco firmware for the following Cisco products contains hardcoded password hashes for the users root, cisco, and lldpd.

RV016 Multi-WAN VPN Router
RV042 Dual WAN VPN Router
RV042G Dual Gigabit WAN VPN Router
RV082 Dual WAN VPN Router

The /etc/shadow file is not consulted during user authentication by the firmware. Instead, a dedicated alternate user database is used to authenticate users who log in to the web-based management interface of the affected routers.

An attacker with access to the base operating system on an affected device could exploit this issue to obtain elevated privileges at the level of the root, cisco, or lldpd user. However, Cisco is not currently aware of a way to access the base operating system on these routers.

Cisco bug ID: CSCvq34376

Multiple Vulnerabilities in Third-Party Software Components

Third-party software (TPS) components in the firmware for the following products contain vulnerabilities:

RV016 Multi-WAN VPN Router
RV042 Dual WAN VPN Router
RV042G Dual Gigabit WAN VPN Router
RV082 Dual WAN VPN Router

Cisco will handle these vulnerabilities by using the regular Cisco process for TPS vulnerabilities in accordance with the Cisco Security Vulnerability Policy. For information about known TPS vulnerabilities that affect the firmware for these routers, consult the Cisco Bug Search Tool.

Security Impact Rating: Informational

Source:: Cisco Security Advisories