05-04-2020 12:03 PM - edited 05-05-2020 07:16 AM
We have a high percentage of RV320s we control have the following symptoms
- Admin page timesout, can't connect. Cannot Remote Admin or Local Admin
* edit: discovered that port 8443 can be reached internally at this point before reboot *
- Reboot router
- Admin page reachable, with errors. Get blue background, nothing else.
- View Source, notice below line.
<input type="hidden" id="langName" name="langName" value='a;sh /tmp/z;,ENGLISH,Deutsch,Espanol,Francais,Italiano'>
- Using browser inspector tool am able to remove that, un-hide login credential table, change language from "undefined" to English.
- Then able to login
I have at least 40 that developed this behavior over the last week or so.
All have Firmware V1.5.1.05
05-05-2020 03:28 AM
Hi Sir,
My name is Puneet Sandel and I am from Cisco small business technical support center.
As per your issue kindly reset the router to factory default and clear the cache memory of the browser also.
Try accessing the Admin page of the router and see if the page still times out. Also once you are able to get into the router's web GUI, enable firewall and Block WAN request under Basic Firewall settings.
Hope this helps out. Do not forget to mark this post as the solution on case it resolves the issue.
In case the router is rebooting, please get a case open with us by calling our front line number. We will help you out after proper troubleshooting.
Please find below the link to contact front line team.
https://www.cisco.com/c/en/us/support/web/tsd-cisco-small-business-support-center-contacts.html
Regards,
Puneet Sandel
05-05-2020 07:12 AM
05-07-2020 02:48 PM - edited 05-08-2020 10:41 AM
Agree - this isn't Microsoft crap - it should *NOT* ever need a clear/flush/disembowel etc. to correct, especially since a lot of these are in remote dark sites that *CANNOT* be accessed to reconfigure due to COVID (and even without it, not easily).
The key here is that Cisco needs to figure out and *FIX* the vulnerability that allows this in the first place, and not just make lame PC-weenie type of suggestions on how to get it back so that it can get blown out again ...
Acknowlege and fix the problem, don't just make excuses Cisco!
Note also that port 8443 does *NOT* work for me - I get the following:
Forbidden You don't have perission to access/mod_ssl:error:HTTP-request on this server.
05-08-2020 12:33 PM
05-09-2020 04:20 AM
Hi Tim,
Cisco publishes PSIRT public advisory to the public for any vulnerabilities for all their products. I already checked PSIRT at the first place and RV325 did not have any vulnerability related to the issue Jason was facing.
Also Many times the same issue has been solved by clearing the cache memory of the browser or doing a hard reset.
Also if you do a nmap and try to figure out all open ports for the gateway of the router, 8443 is well known for HTTPS access of the router.
Nevertheless, good to know that Jason was able to access the router via 8443 open port (HTTPS).
Regards,
Puneet Sandel
05-12-2020 02:45 PM
Kind of sad that with at least 40+ units getting hit with the same problem, that Cisco basically blows it off . . .
Exposure or not, any product that can be rendered unmanageable by something coming in the admin port *HAS A BUG IN IT!!!!*. Whether there is an actual security risk or not, this is still a large issue! Perhaps taking the language selection *OFF* the login page (pretty stupid for it to be there in the first place . . . should be *ZERO* alterable data facing outward pre login . . . ) or some such.
More time addressing problems and less time denying the obvious would be a much better support policy!
05-15-2020 04:40 PM
05-28-2020 11:20 AM - edited 05-28-2020 02:06 PM
Two weeks ago I drove for 2 hours to the site, performed a factory reset on the router, updated the router firmware to the latest version (RV32X_v1.4.2.22), and spent over an hour reprogramming the router.
Roughly 1 hour ago, the internet went out at the site. they power cycled the router, and now it's not offering the password prompt again.
Edit: Interesting articles. i wonder if this is related:
https://www.zdnet.com/article/hackers-are-going-after-cisco-rv320rv325-routers-using-a-new-exploit/
https://www.helpnetsecurity.com/2019/03/28/cisco-botched-patches-for-its-rv320-rv325-routers/
06-13-2020 05:10 AM
06-29-2020 02:33 AM
12-03-2020 01:22 PM
Thanks! A nice simple solution that worked perfectly
05-15-2020 04:59 PM
12-03-2020 01:58 PM
I had the same issue as the other users above. Blue screen, no login box. When I looked at the source code for the page as suggested I found an IP address to an Apache testing server in the "langname" line. I cannot post the code (the message fails when i try to) but I am wondering if this is something I should be worried about. I am new to this so any advice is welcome
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide