02-25-2015 12:01 PM
Cisco RV320 remote management (port 443) fails PCI compliance by a major PCI compliance vendor (Trustwave).
Failing issues:
Other serious issues:
1. Auto-Completion Enabled for Password Fields
2. SSL certificates with a public key of less than 2048 bits are more susceptible to man in the middle attacks (Yes, I can create a new certificate with >= 2048 bits, but the default self-signed cert should be at least 2048)
02-27-2015 03:21 PM
If you still have a valid warranty for your RV320 device, I would suggest you address those issues directly to the Small Business Support Center (SBSC) via their customer service system. As those are security-related concerns AND the RV320 is not on the EoL list in the meantime, I hope that this could be addressed and fixed in future firmware releases for this device.
I am afraid that nobody else on this forum can move your question forward here, as those options are not configurable (at least not officially) and must be fixed at the firmware level only. You have to use official channels to get this corrected.
03-01-2015 06:42 PM
Thanks Michal. I was not aware of that process. I thought Cisco product people read these forums. So I'll plan to contact them as you advised.
03-02-2015 12:31 AM
Hi Jacob,
Yes, some of them read forum contents and discussions, and they are mostly very helpful. But they focus mainly on configuration-related issues, not firmware-related issues like yours. Yes, they probably read your content, but without an additional official customer support request they do nothing, as per their internal rules.
02-28-2015 09:19 AM
Almost all routers fail any major PCI compliance standards. There is only one router that I know of that has passed all PCI compliance and that one is made by Mako Networks.
03-01-2015 06:41 PM
The RV320 router passed PCI compliance the last time we were tested 2 months ago with remote management enabled. It only failed in this last test. The failing issues which I posted above seem pretty straightforward for Cisco to fix.
03-02-2015 01:24 PM
Were you on a different firmware then?
03-02-2015 01:38 PM
Yes, I recently updated the firmware from 1.1.1.06 to 1.1.1.19.
03-03-2015 04:55 AM
:( This is a case of one fix breaking another.
As a temporary workaround, if the previous firmware passed compliance, I would revert to that firmware until a new update comes out with the fix for the current firmware's issue.
03-04-2016 01:49 PM
Had this same problem too, even with newer firmware 1.2.1.14.
Somehow it appears that unchecking the box for Remote Management in the UI still doesn't truly block access to port 443 on the WAN; it merely blocks access to the UI?
Our solution was to disable remote management and, importantly, create a DENY firewall rule for the WAN port scanned by Trustwave that specifically blocks port 443.