Cisco has issued a warning about a cross-site scripting (XSS) vulnerability in its end-of-life (EoL) RV series small business routers.
The flaw, tracked as CVE-2024-20362, is remotely exploitable without authentication and affects the RV016, RV042, RV042G, RV082, RV320, and RV325 small business routers, which have been discontinued and no longer receive security updates. Cisco says it is unaware of the vulnerability being exploited in the wild, but there are no workarounds for the bug, so users should migrate to a supported product. Discontinued Cisco networking devices have been exploited in attacks.
The company described the problem as insufficient validation in the affected products’ web interface, which allows attackers to launch XSS attacks by convincing users to visit a malicious page, potentially leading to script execution or information leaks.