One is that disabling remote management and blocking access to ports 443 and 60443 is a workaround that prevents exploitation of the flaws.
The other is that the devices have reached end of life. Cisco ended support for the RV082 and RV016 in 2021, and software maintenance ended for the RV042 and RV042G in the same year – but the hardware will be supported until 2025. Now for the tricky part: Cisco is"aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory" but"is not aware of any malicious use of the vulnerabilities that are described in this advisory."
But given that criminals routinely hunt for easy-to-attack platforms, it surely won't be long before someone attempts to exploit these vulnerabilities.that small businesses are not renowned for their infosec capabilities or diligence. So while the fix is relatively trivial for a technical user, many actual owners of these machines will have no idea how to block access to ports 443 and 60443. That is, if they even receive news of the flaws.
Throw in the fact that small routers often just work for years at a time without intervention, and it is almost certain some of these devices are ripe for attack – and will be for the foreseeable future. ®
I hate fucking cisco, they are terrible
SMBs shouldn't be running their routers in that sense. Far better to stick a firewall on the inside that can be maintained.