Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1054
Views
0
Helpful
4
Replies

RV042G PCI DSS SSL Issues

mavengroup
Level 1
Level 1

‎10-29-2014 04:19 AM

Looks like the RV042G needs another firmware updates as the units we have in the field are now not passing PCI DSS Scans.  Dealing with the compliance scanning companies, they are telling me that the firmware is the way to fix this.  Here are the errors reported:

 

Cross-site scripting vulnerability in portalname parameter to /cgibin/userLogin.cgi - FAIL

Description: Several types of web servers and CGI programs include the user's request in their response. For example, a request for the page http://server/nonexistent_page.html may cause server to respond: The page nonexistent_page.html does not exist on this server.

 

Response splitting vulnerability in portalname parameter to /cgibin/userLogin.cgi - FAIL

Description: Some programs on web servers place user- supplied parameters into certain HTTP headers.

 

I am using port 443 for remote access to the devices.  Moving the port simply changes the reported failure to that port.  Any suggestions or has anyone heard for a firmware update coming soon for this device?

Thanks.  John

 

 

1 person had this problem
Labels:
0 Helpful
4 Replies 4

dwyerja01
Level 1
Level 1

‎02-18-2015 12:47 PM

The failure i am getting for PCI compliance is that the SSL Keylength is to short (1024 bits instead of the required 2048 bits)  the error is comming on port 60443 (The port used by quickvpn - a service I am not using)

 

 

0 Helpful

mavengroup
Level 1
Level 1
In response to dwyerja01

‎02-19-2015 03:47 AM

Hi dwyerja01,

Unfortunately I do not think Cisco is going to do anything about this.  I have emailed my sales support contact (no response), called tech support (clueless on when or if there will be a firmware update - the only way to fix this) and posted here (no response from Cisco).

With that said, we have begun a transition away from Cisco Small Business gear.  While this is disappointing for us, supporting their router platform is just not a priority for them (or so it seems).

If we get lucky, maybe a new firmware will drop.  Fingers crossed!

If I find or get more information I will post back here (please do the same).

John

0 Helpful

dwyerja01
Level 1
Level 1
In response to mavengroup

‎02-19-2015 06:26 AM

John:

 

Thanks  time to find anther router as my non-profit will not pass PCI with this one.  I am very disappointed to say the least

0 Helpful

richard_artes
Level 1
Level 1
In response to dwyerja01

‎09-20-2019 04:38 AM

Did you find a small-business router that does pass PCI compliance?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents