Cisco Patches Authentication, Denial-of-Service, NTP Flaws In Many Products

itwbennett writes: Cisco Systems has released a new batch of security patches for flaws affecting a wide range of products, including for a critical vulnerability in its RV220W wireless network security firewalls. The RV220W vulnerability stems from insufficient input validation of HTTP requests sent to the firewall's Web-based management interface. This could allow remote unauthenticated attackers to send HTTP requests with SQL code in their headers that would bypass the authentication on the targeted devices and give attackers administrative privileges.

Input validation does not cause SQLi

[WaffleMonster]

The only cause of SQLi is gross incompetence. It can never be caused by an accident or failure to do something.

It can only caused by willful and deliberate action to do something you know or should know to be wrong, stupid and dangerous at the time you did it. Unbound query strings don't build themselves.