Two days after Cisco patched a severe vulnerability in a popular brand of SOHO routers, and one day after the publication of proof-of-concept code, hackers have started scans and attacks exploiting the said security bug to take over unpatched devices.
The vulnerability, tracked as CVE-2019-1663, was of note when it came out on February 27 because it received a severity score from the Cisco team of 9.8 out of a maximum of 10.
It received such a high rating because the bug is trivial to exploit and does not require advanced coding skills and complicated attack routines; it bypasses authentication procedures altogether; and routers can be attacked remotely, over the internet, without attackers needing to be physically present on the same local network as the vulnerable device.
Affected models include the Cisco RV110, RV130, and RV215, all of which are WiFi routers deployed in small businesses and residential homes.
This means that the owners of these devices won't likely be keeping an eye on Cisco security alerts, and most of these routers will remain unpatched --unlike in large corporate environments where IT personnel would have already deployed the Cisco fixes...
Read more: Hackers have started attacks on Cisco RV110, RV130, and RV215 routers | ZDNet
See also: Cisco Security Threat and Vulnerability Intelligence