Cisco announced that a number of its Wireless Residential Gateway products are vulnerable to a remote code execution attack, which can be triggered by sending a specially crafted HTTP request to the web server running on the affected device.
According to Cisco, the flaw stems from incorrect input validation of HTTP requests, which could allow an attacker to exploit a buffer overflow and run arbitrary code on the device. The bug is about as serious as they come, giving remote, unauthenticated attackers access to the affected machines.
"Successful exploitation of the vulnerability may cause the embedded web server to crash and allow the attacker to inject arbitrary commands and execute arbitrary code with elevated privileges," the Cisco advisory says. It adds, "There are currently no known workarounds available for this vulnerability."
The Cisco products affected by the vulnerability are as follows:
- Cisco DPC3212 VoIP Cable Modem
- Cisco DPC3825 8x4 DOCSIS 3.0 Wireless Residential Gateway
- Cisco EPC3212 VoIP Cable Modem
- Cisco EPC3825 8x4 DOCSIS 3.0 Wireless Residential Gateway
- Cisco Model DPC3010 DOCSIS 3.0 8x4 Cable Modem
- Cisco Model DPC3925 8x4 DOCSIS 3.0 with Wireless Residential Gateway with EDVA
- Cisco Model DPQ3925 8x4 DOCSIS 3.0 Wireless Residential Gateway with EDVA
- Cisco Model EPC3010 DOCSIS 3.0 Cable Modem
- Cisco Model EPC3925 8x4 DOCSIS 3.0 with Wireless Residential Gateway with EDVA
Cisco said the security bug exists in the devices whether they are configured in Gateway mode or Router mode on home or small office gateways.
Cisco uses the Common Vulnerability Scoring System (CVSS) to provide an open and standardized rating of the security holes it finds in its products. This vulnerability received the most critical rating, a CVSS base score of 10. Chris Watts of Tech Analysis reported the vulnerability to Cisco.
Cisco has released and distributed free software updates that address the vulnerability to its service provider customers, who will in turn pass them on to the affected home and small office customers. Customers are advised to contact their service providers to confirm that the software deployed by the service provider includes the fix.