Multiple Cisco Wireless Gateways Vulnerable to Remote Attacks
Jul 17, 2014
Multiple Cisco Wireless Residential Gateway products have a security vulnerability in the web server that could allow a remote attacker to hijack the devices remotely. Cisco announced that a number of its Wireless Residential Gateway products are vulnerable to a remote-code execution attack , which is exploited by sending a specially crafted HTTP request to the web server running on the affected device. According to Cisco, the flaw is due to the incorrect input validation for HTTP requests, which could allow an attacker to exploit a buffer overflow and run arbitrary code on the device. The bug is about as serious as they come, giving remote, unauthenticated attackers access to the affected machines. " Successful exploitation of the vulnerability may cause the embedded web server to crash and allow the attacker to inject arbitrary commands and execute arbitrary code with elevated privileges, " the Cisco advisory says, and until now, " There are currently no known workarou...
