Cisco is warning of a critical vulnerability, tracked as CVE-2023-20025 (CVSS score of 9.0), that impacts small business RV016, RV042, RV042G, and RV082 routers. The IT giant announced that these devices will receive no security updates to address the bug because they have reached end of life (EoL).

The flaw is an authentication bypass issue that resides in the web-based management interface of the routers, an attacker. An unauthenticated, remote attacker can exploit the CVE-2023-20025 flaw to bypass authentication on vulnerable devices.