Buyers of Cisco’s RV sequence of little to medium-sized business routers are recommended to patch their devices urgently to correct a number of significant vulnerabilities.

The vulnerabitilies make it possible for attackers to operate arbitrary code and commands on the routers, as effectively bypass person authentication and cause denial-of-services scenarios.

Attackers can also elevate person privileges and fetch and run unsigned software by exploiting the vulnerabilities, Cisco said.

Three of the vulnerabilities are rated at the whole 10. on the Popular Vulnerabilities Scoring Procedure (CVSS).

Cisco stated the subsequent routers need to have patching:

  • RV160 VPN 
  • RV160W Wireless-AC VPN
  • RV260 VPN
  • RV260P VPN routers with PoE
  • RV260W Wireless-AC VPN
  • RV340 Dual WAN Gigabit VPN
  • RV340W Twin WAN Gigabit Wireless-AC VPN
  • RV345 Twin WAN Gigabit VPN
  • RV345P Twin WAN Gigabit POE VPN

In addition, the RV340, RV340W, RV345 and RV345P equipment also have some of the vulnerabilities in Cisco’s stability advisory, and require patching.

No workarounds are available for the vulnerabilities, Cisco mentioned.