Cisco Systems does not plan to fix a critical security vulnerability affecting some of its Small Business routers. The bug, tracked as CVE-2021-1459, is rated with a CVSS score of 9.8 out of 10. The flaw stems from improper validation of user-supplied input in the web-based management interface. The company doesn’t intend to release a patch or make any workarounds available, citing that the products have reached end-of-life. Cisco has also released software updates to address multiple vulnerabilities in Cisco SD-WAN vManage Software.
Source: https://thehackernews.com/2021/04/cisco-will-not-patch-critical-rce-flaw.html