Cisco Pulls A Tim Cook; Buy Grandma A New Router

Source: The Register

We All Replace Our Routers Frequently, Right?

There are four small/medium business routers, made by Cisco as recently as five years ago, which have a flaw in their password validation algorithm. An attacker who leverages it can access the device’s IPSec VPN without needing any of that pesky authentication most people expect is required to do so. Indeed, it gives full administrative access to that portion of the router, and once they have control of the VPN they can wreak all sorts of havoc.

Cisco will not be patching this.

Their reasoning is that the kit is old, the most recent reaching EOL this year, and so Cisco feels justified in no longer supporting the four affected routers, even though some continued to be sold after their official EOL. Those four models are the RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router.

The small problem is that the majority of medium and small businesses, not to mention your ISP, do not upgrade their routers on any sort of schedule apart from replacing broken ones. How old is the one your ISP provided, and when is the last time you upgraded any routers you might have in addition to it? This sort of planned obsolescence is bad enough in a smart lightbulb, but for the hardware VPN you depend upon for security to be treated the same way by its manufacturer is rather worrying.

Cisco patched three security vulnerabilities in its products this week, and said it will leave unpatched a VPN-hijacking flaw that affects four small business routers.

About The Author

Jeremy Hellstrom

Call it K7M.com, AMDMB.com, or PC Perspective, Jeremy has been hanging out and then working with the gang here for years. Apart from the front page you might find him on the BOINC Forums or possibly the Fraggin' Frogs if he has the time.

1 Comment

  1. razor512

    When a company is that quick to abandon their products, it is best to avoid all of their security related products.
    Beyond that, it is shocking to see that they are providing less aftermarket support than cheaper mass market consumer routers targeted at budget focused consumers. For example, consider how when a security issue was found impacting multiple consumer routers, Netgear patched around 61 different models going back over 13 years, most were discontinued models.

    Overall, this short-sighted greed will cost Cisco greatly in the future, especially considering that when a security issue impacts a number of different devices due to the same flaw, then porting the patch to other models is not very hard. Even if the device is EOL, patching it makes for a lot of good will that improves consumer confidence.
