3093 Views, 15 Helpful, 13 Replies

RV320s / 325s admin page unreachable, after reboot empty blue screen, suspicious langName

jason_adc
Level 1

A high percentage of the RV320s we control have the following symptoms:

- Admin page times out, can't connect. Cannot Remote Admin or Local Admin

* edit: discovered that port 8443 can be reached internally at this point before reboot *

- Reboot router

- Admin page reachable, with errors.  Get blue background, nothing else.

- View Source, notice below line.

<input type="hidden" id="langName" name="langName" value='a;sh /tmp/z;,ENGLISH,Deutsch,Espanol,Francais,Italiano'>

- Using browser inspector tool am able to remove that, un-hide login credential table, change language from "undefined" to English.

- Then able to login

 

I have at least 40 that developed this behavior over the last week or so.

All have Firmware V1.5.1.05
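
A check for the tampered field described in this post, as an added example that is not part of the original post or of Cisco's code: it parses a saved copy of the login page and reports any `langName` entry that is not a plain language name. The function and class names, and the rule that clean entries contain letters only, are assumptions of this example.

```python
from html.parser import HTMLParser
import re

# Assumption: a clean langName value is a comma-separated list of plain
# language names (letters only), like the tail of the value quoted in the post.
PLAIN_NAME = re.compile(r"^[A-Za-z]+$")


class LangNameParser(HTMLParser):
    """Collects the value attribute of <input id="langName">."""

    def __init__(self):
        super().__init__()
        self.value = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "input" and attrs.get("id") == "langName":
            self.value = attrs.get("value") or ""


def suspicious_lang_entries(html):
    """Return the langName entries that are not plain language names.

    Returns None when the page has no langName field at all, so a caller
    can tell "field missing" apart from "field present and clean" ([]).
    """
    parser = LangNameParser()
    parser.feed(html)
    if parser.value is None:
        return None
    entries = [e.strip() for e in parser.value.split(",")]
    return [e for e in entries if not PLAIN_NAME.match(e)]


# Constructed samples: the first is the line quoted in the post, the second
# is the same field with the unexpected entry removed.
TAMPERED = ("<input type=\"hidden\" id=\"langName\" name=\"langName\" "
            "value='a;sh /tmp/z;,ENGLISH,Deutsch,Espanol,Francais,Italiano'>")
CLEAN = ("<input type=\"hidden\" id=\"langName\" name=\"langName\" "
         "value='ENGLISH,Deutsch,Espanol,Francais,Italiano'>")

if __name__ == "__main__":
    for label, page in (("tampered", TAMPERED), ("clean", CLEAN)):
        print(label, suspicious_lang_entries(page))
```

Run over saved login pages from a fleet, a non-empty result marks a unit whose language list carries something other than a language name.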

13 Replies

psandel
Cisco Employee

Hi Sir,

 

My name is Puneet Sandel and I am from Cisco small business technical support center.

 

As per your issue kindly reset the router to factory default and clear the cache memory of the browser also.

 

Try accessing the Admin page of the router and see if the page still times out. Also once you are able to get into the router's web GUI, enable firewall and Block WAN request under Basic Firewall settings.

 

Hope this helps out. Do not forget to mark this post as the solution in case it resolves the issue.

 

In case the router is rebooting, please get a case open with us by calling our front line number. We will help you out after proper troubleshooting.

 

Please find below the link to contact front line team.

https://www.cisco.com/c/en/us/support/web/tsd-cisco-small-business-support-center-contacts.html

 

Regards,

Puneet Sandel

Hi Puneet
I had to deal with 40 of these yesterday, across the country. I'm not going to reset them all to factory defaults.
The firewall and block WAN requests were already set.

Agree - this isn't Microsoft crap - it should *NOT* ever need a clear/flush/disembowel etc. to correct, especially since a lot of these are in remote dark sites that *CANNOT* be accessed to reconfigure due to COVID (and even without it, not easily).

 

The key here is that Cisco needs to figure out and *FIX* the vulnerability that allows this in the first place, and not just make lame PC-weenie type of suggestions on how to get it back so that it can get blown out again ...

 

Acknowledge and fix the problem, don't just make excuses Cisco!

 

Note also that port 8443 does *NOT* work for me - I get the following:

Forbidden You don't have permission to access /mod_ssl:error:HTTP-request on this server.

http to 8443 will give you the access/mod_ssl error because you're not using ssl
https to 8443 worked for me

Hi Tim,

 

Cisco publishes PSIRT public advisories for any vulnerabilities in all of its products. I already checked PSIRT in the first place, and the RV325 did not have any vulnerability related to the issue Jason was facing.

 

Also, many times the same issue has been solved by clearing the cache memory of the browser or doing a hard reset.

 

Also, if you do an nmap and try to figure out all open ports for the gateway of the router, 8443 is well known for HTTPS access of the router.

 

Nevertheless, good to know that Jason was able to access the router via 8443 open port (HTTPS).

 

Regards,

Puneet Sandel

 

 

Kind of sad that with at least 40+ units getting hit with the same problem, that Cisco basically blows it off . . .

Exposure or not, any product that can be rendered unmanageable by something coming in the admin port *HAS A BUG IN IT!!!!*.  Whether there is an actual security risk or not, this is still a large issue!  Perhaps taking the language selection *OFF* the login page (pretty stupid for it to be there in the first place . . . should be *ZERO* alterable data facing outward pre login . . . ) or some such. 

 

More time addressing problems and less time denying the obvious would be a much better support policy!

CiscoChris
Level 1
Does anyone have a fix for this aside from doing a factory reset? I'm experiencing the same issue on one of my routers since yesterday morning. The certificate is invalid because its date range is 2062 to 2072.

When accessing the router on port 8443 from a remote VPN site, I get the following error:

Forbidden
You don't have permission to access /mod_ssl:error:HTTP-request on this server.

Two weeks ago I drove for 2 hours to the site, performed a factory reset on the router, updated the router firmware to the latest version (RV32X_v1.4.2.22), and spent over an hour reprogramming the router.

Roughly 1 hour ago, the internet went out at the site. They power cycled the router, and now it's not offering the password prompt again.

 

Edit: Interesting articles. I wonder if this is related:

https://www.zdnet.com/article/hackers-are-going-after-cisco-rv320rv325-routers-using-a-new-exploit/

https://www.helpnetsecurity.com/2019/03/28/cisco-botched-patches-for-its-rv320-rv325-routers/

 

  1. Open the router’s login page in Google Chrome
  2. Open dev tools in your browser -> select Console and be ready to type 3 commands
  3. Print and hit enter: document.form_contents.changelanguage.value = "ENGLISH"
  4. Print and hit enter: document.form_contents.submitStatus.value=1
  5. Print and hit enter: document.form_contents.submit()
  6. It should post the change and reload the page

Thank you sir, this solved my problem

Thanks! A nice simple solution that worked perfectly

Tim Dawson
Level 1
I did the same thing!

Use "https://:8443" and not just http . . . the error is due to that
being an SSL enabled port (IE 8-443) and not just html, and the port
number being alternate not giving the browser a hint . . .

- Tim

I had the same issue as the other users above. Blue screen, no login box. When I looked at the source code for the page as suggested I found an IP address to an Apache testing server in the "langname" line. I cannot post the code (the message fails when I try to) but I am wondering if this is something I should be worried about. I am new to this so any advice is welcome.