Cisco SMB kit harbors cross-site scripting bug: One wrong link click... and that's your router pwned remotely

Cisco has patched a cross-site scripting vulnerability in two VPN routers it sells to small businesses and branch offices.


The software update addresses CVE-2020-3431, a bug present in the Cisco Small Business RV042 Dual WAN VPN Router and Cisco Small Business RV042G Dual Gigabit WAN VPN Router. We're told this flaw can be exploited by "an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device."


In other words, if someone tricks you into clicking on a specially crafted link in a browser, for instance, they can potentially access your equipment's management interface as you, changing or snooping on your configuration settings to gain further access or cause mischief. This requires the ..
