Menu
Vulnerability exposes some Cisco home wireless devices to hacking

Vulnerability exposes some Cisco home wireless devices to hacking

Specially crafted HTTP requests could trigger remote code execution on the affected devices, Cisco said

Nine of Cisco's home and small office cable modems with router and wireless access point functionality need software updates to fix a critical vulnerability that could allow remote attackers to completely compromise them.

The company has shared the software updates with service providers, so users who obtained the affected equipment from their ISPs or other Cisco resellers should contact those organizations.

The vulnerability is a buffer overflow that results from incorrect validation of input in HTTP requests. If left unpatched, it allows remote, unauthenticated attackers to inject commands and execute arbitrary code with elevated privileges.

"An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device," Cisco said in a security advisory. "This vulnerability exists whether the device is configured in Router mode or Gateway mode."

The flaw received the highest criticality rating (10.0) on the Common Vulnerability Scoring System (CVSS), which means it can completely compromise the confidentiality, integrity and availability of the targeted device.

The affected wireless residential gateway products, as Cisco calls them, are: Cisco DPC3212 VoIP Cable Modem, Cisco DPC3825 8x4 DOCSIS 3.0 Wireless Residential Gateway, Cisco EPC3212 VoIP Cable Modem, Cisco EPC3825 8x4 DOCSIS 3.0 Wireless Residential Gateway, Cisco Model DPC3010 DOCSIS 3.0 8x4 Cable Modem, Cisco Model DPC3925 8x4 DOCSIS 3.0 with Wireless Residential Gateway with EDVA, Cisco Model DPQ3925 8x4 DOCSIS 3.0 Wireless Residential Gateway with EDVA, Cisco Model EPC3010 DOCSIS 3.0 Cable Modem and Cisco Model EPC3925 8x4 DOCSIS 3.0 with Wireless Residential Gateway with EDVA.

There is currently no workaround for addressing this vulnerability aside from updating the software.

Users with direct Cisco service contracts can obtain the patched software versions directly from the company's website and those without such contracts should contact the Cisco Technical Assistance Center.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags securityNetworkingintrusionnetworking hardwareCisco SystemspatchesExploits / vulnerabilities

Featured

Slideshows

Meet the leading female front runners of the Kiwi channel

Meet the leading female front runners of the Kiwi channel

Reseller News honoured the leading female front runners of the New Zealand channel at the 2018 Women in ICT Awards (WIICTA) in Auckland. The awards honoured standout individuals across seven categories, spanning Entrepreneur; Innovation; Rising Star; Shining Star; Community; Technical and Achievement.

Meet the leading female front runners of the Kiwi channel
Meet the top performing customer-centric Microsoft channel partners

Meet the top performing customer-centric Microsoft channel partners

Microsoft honoured leading partners across the channel following a year of customer innovation and market growth in New Zealand. The 2018 Microsoft Partner Awards recognised excellence within the context of the end-user, spanning a host of emerging and established providers.

Meet the top performing customer-centric Microsoft channel partners
Reseller News launches new-look Awards at 2018 Judges’ Lunch

Reseller News launches new-look Awards at 2018 Judges’ Lunch

Introducing the Reseller News Innovation Awards, launched to the channel at the 2018 Judges’ Lunch in Auckland. With more than 70 judges now part of the voting panel, the new-look awards will reflect the changing dynamics of the channel, recognising excellence across customer value and innovation - spanning start-ups, partners, distributors and vendors.

Reseller News launches new-look Awards at 2018 Judges’ Lunch
Show Comments