
With its latest batch of Security Advisories, Cisco has also documented a critical vulnerability in a series of routers that are used primarily in smaller companies. Since these have reached the end of their lifetime, Cisco does not want to provide updates. Instead, the manufacturer recommends that those affected buy the successor model.
Attack via management interface
The vulnerability specifically affects the models RV110W, RV130, RV130W and RV215W. It can be exploited by sending special HTTP packets to the device and then gives the attacker root privileges directly. This also works on the WAN interface if remote management over the Internet has been activated. There, at least, it can be turned off; on the LAN interface that is not possible, according to Cisco.
Cisco rates this vulnerability (CVE-2021-1459) at the highest severity level, "critical" (CVSS: 9.8 out of 10). Because Cisco categorically rules out updates ("Has Not Released and Will Not Release") and names no workarounds with which the affected devices could at least be provisionally sealed, those affected have little choice but to replace them as soon as possible. Whether to follow Cisco’s recommendations when selecting a successor is an open question.