The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent warning on March 3, 2025, about active exploitation of a command injection vulnerability (CVE-2023-20118) affecting end-of-life Cisco Small Business RV Series routers.
The flaw carries a CVSSv3.1 score of 6.5 (medium), but the moderate score reflects the requirement for valid credentials, not the impact: an authenticated attacker can execute arbitrary commands as root on the router and, from there, potentially compromise the entire network behind it.
Vulnerability Details and Exploitation
CVE-2023-20118 stems from improper validation of user-supplied input in HTTP requests to the routers' web-based management interface.
An attacker who already holds valid administrative credentials can send a crafted HTTP request to that interface to inject commands, gain root-level privileges, and read unauthorized data or disrupt services. The credential requirement matters for risk assessment: a router whose management interface is reachable from the Internet with a weak, default, or previously leaked admin password is effectively exposed to unauthenticated takeover.
Cisco confirmed the vulnerability affects the RV016, RV042, RV042G, RV082, RV320, and RV325 models. It was disclosed in April 2023, and no firmware released since addresses it.
Notably, the company has stated it will not release patches, as these devices have reached end-of-life status.
CISA added the CVE to its Known Exploited Vulnerabilities catalog, which means federal civilian agencies must either apply mitigations or discontinue use of affected routers by March 24, 2025, under Binding Operational Directive (BOD) 22-01.
Private organizations are also urged to prioritize remediation, as French cybersecurity firm Sekoia recently observed exploitation attempts linked to the PolarEdge botnet campaign.
This botnet aims to co-opt vulnerable routers into distributed denial-of-service (DDoS) networks or use them as entry points for lateral movement into the networks they serve.
Risks and Mitigation Challenges
The absence of vendor-supplied patches complicates mitigation, since nothing can be installed on the device to remove the bug. Administrators are advised to:
- Immediately restrict access to the routers' management interface: disable WAN-side remote management where it is enabled and allow administrative access only from a dedicated management network or jump host. This does not remove the vulnerability, but it removes the attacker's ability to reach it with stolen credentials.
- Monitor logs for unusual HTTP activity against the management interface, particularly authenticated requests arriving from addresses that should never manage the device.
- Decommission affected devices in favor of supported models; access restriction and monitoring are stopgaps, not a fix.
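The first two mitigations above can be checked against real traffic. The following is an added example, not code from the article, from CISA, or from Cisco: it parses HTTP access-log lines for the management interface, flags every request from outside an administrative allowlist, and raises severity for authenticated POSTs from outside it, since valid admin credentials plus a crafted HTTP request are exactly the preconditions for CVE-2023-20118. The log format (NCSA common log format, as a reverse proxy or firewall in front of the router might record it), the CGI paths, the addresses, and the allowlist are all constructed assumptions; the RV series' own logs differ, so adapt the regular expression to whatever you actually collect.

```python
"""
Audit HTTP access to a router's web management interface.

Added example (not from the article or from Cisco). Flags requests that
reach the management interface from source addresses outside an admin
allowlist, and raises severity for authenticated POSTs from outside it,
because CVE-2023-20118 needs valid admin credentials plus a crafted HTTP
request. The log format, paths and addresses below are constructed.
"""
import ipaddress
import re
from collections import Counter

# Assumed: one NCSA/common-log-format line per request, as a reverse proxy
# or firewall in front of the router might record it. The RV series' own
# logs differ; adapt LOG_RE to whatever you actually collect.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)

# Constructed sample: two admin requests from the management subnet, then a
# failed login, an authenticated POST and a probe from Internet addresses.
# The CGI paths are placeholders, not the router's real endpoints.
SAMPLE_LOG = """\
10.0.5.12 - admin [03/Mar/2025:09:14:02 +0000] "GET /cgi-bin/welcome.cgi HTTP/1.1" 200 5120
10.0.5.12 - admin [03/Mar/2025:09:14:30 +0000] "POST /cgi-bin/config.cgi HTTP/1.1" 200 310
198.51.100.77 - - [03/Mar/2025:11:02:11 +0000] "POST /cgi-bin/login.cgi HTTP/1.1" 401 120
198.51.100.77 - admin [03/Mar/2025:11:02:15 +0000] "POST /cgi-bin/config.cgi HTTP/1.1" 200 310
203.0.113.9 - - [03/Mar/2025:11:05:40 +0000] "GET / HTTP/1.1" 200 2048
"""

# Assumed admin allowlist: only the management VLAN may reach the interface.
ADMIN_NETS = [ipaddress.ip_network("10.0.5.0/24")]


def in_allowlist(ip, nets):
    """True if the source address falls inside any allowlisted network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def audit_mgmt_access(log_text, admin_nets=ADMIN_NETS):
    """Return one finding per request that violates the access policy.

    high:   authenticated POST from outside the allowlist that succeeded;
            with valid admin credentials this is the exploit precondition.
    medium: any other request from outside the allowlist; the interface
            should not be reachable from there at all.
    """
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines we cannot parse rather than guess
        ip, user = m["ip"], m["user"]
        if in_allowlist(ip, admin_nets):
            continue
        authed_post_ok = (user != "-" and m["method"] == "POST"
                          and m["status"] == "200")
        findings.append({
            "ip": ip,
            "user": None if user == "-" else user,
            "path": m["path"],
            "severity": "high" if authed_post_ok else "medium",
            "reason": ("authenticated POST from outside admin allowlist"
                       if authed_post_ok else
                       "management interface reached from outside admin allowlist"),
        })
    return findings


def offenders(findings):
    """Count findings per source address, most active first."""
    return Counter(f["ip"] for f in findings).most_common()


if __name__ == "__main__":
    results = audit_mgmt_access(SAMPLE_LOG)
    for f in results:
        print(f"{f['severity']:6} {f['ip']:15} {f['path']:22} {f['reason']}")
    print(offenders(results))
```

On the constructed sample the two requests from the management subnet produce no findings, the failed login and the bare probe from Internet addresses are reported as medium, and the successful authenticated POST from 198.51.100.77 is reported as high. A high finding is worth treating as a possible credential compromise even if no command injection can be confirmed from the log line itself, because the router's own logging of what the request did is limited.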
CISA emphasized that continued use of unpatched routers poses "significant risks to critical infrastructure," given their prevalence in small business and remote work environments.
The agency's alert follows Shadowserver Foundation reports of escalating exploitation attempts since August 2024, though the full scope remains unclear.
This incident underscores the dangers of relying on obsolete hardware in enterprise networks.
With Cisco's RV Series routers widely deployed since the early 2010s, many organizations now face urgent hardware refresh decisions.
Cybersecurity experts warn that delayed action could lead to ransomware attacks, data breaches, or operational downtime, and as threat actors increasingly target legacy systems, CISA's advisory is a stark reminder to align vulnerability management practices with evolving threats.
For now, network administrators must weigh the cost of new infrastructure against the growing risks of keeping vulnerable devices in service.