"the boxes can also be made to create DDoS attacks"
So, no National Security issues here ?
Of course not, it's Cisco, not Huawei. We're safe.
Move along, citizen, move along.
Cisco has revealed five critical bugs, three of them rated 10/10 on the Common Vulnerability Scoring System, that impact four of its router families aimed at small businesses. And it only has patches available for two of the affected ranges. The flaws impact the RV160, RV260, RV340 and RV345 products, all of which can be …
The crucial difference is that yer shifty foreign bastards have to find the holes in order to use them, rather than being told exactly what to do by the manufacturer (and how the new ones work when the old ones are found by someone else and have to be patched).
At least you're making the sods work for their intel.
This. The network my boss had his sysop relative build for us (without consulting me) "featured" a RV110W.
In all its 4-port, 10/100 Ethernet & 2.4gHz 802.11abn glory.
2.4gHz N. Just the thing for no inference high speed Wi-Fi inside a dense, multistorey office building.
All that glorious power...in 2013!
Stuck working with it for 5 years, it did not receive a SINGLE firmware update beyond 2014 during that time (I just looked: they finally updated the firmware in 2020, only 1 short year after it was discontinued!).
"Goodbye and good riddance" were my only parting words to it.
Can't the NSA just push the patches through their backdoor? ....HildyJ
The fact that they [NSA] can’t, or if we be generous and suggest that they won’t, tells one and all everything they need to know about the impotence of the NSA in such fields of virtual endeavour which some systems would claim to be of a vital nature for the exclusive success of their business.
No shades of grey in that revelation which is more than just suggesting that unholy emperor [NSA] has no clothes.
fixed software is yet to arrive for some models
I'm suprised fixes for any exist. Historically cisco seems to have had zero interest in fixing any issues with the crappy RV series. I suppose 10/10 CVE makes an exception.
Tried few RV series kit and they were atrocious. no stability. Random freezes/crashes, etc (and I wasn't even trying to push them hard). Cisco's forums revealed all the issues were common and cisco showed no interest in fixing issues.
Agree wholeheartedly on your description of the RV series being awful, at least the earlier ones were. Part of the reason they sucked so bad was because some models were holdovers from the Linksys acquisition, and yes it appeared Cisco had zero interest touching them. God what a fiasco those few years were...
The 340/345 are newer ~2015 hardware, and in my experience they weren't terrible, although for sure had bugs that never got fixed. I recall getting decent performance out of them, something like 500mbps IPsec and gigabit NAT. I think the hardware was Cavium based, but I'm not 100 percent on that. As a product line they seem on their way out....
Quote: "Networking giant reveals three 10/10 rated critical router bugs"
Now....since these "features" were probably bought and paid for by a secretive organisation in Fort Meade, MD, one has to ask the obvious question....
Why would Cisco reveal them now?
Perhaps because the patches will install improved "features"?
I think we should be told!!