Cisco Wireless Residential Gateway Remote Code Execution flaw

Pierluigi Paganini July 17, 2014

Multiple Cisco Wireless Residential Gateway products are affected by a critical flaw that could allow a remote attacker to hijack the devices.

A security vulnerability affects multiple Cisco wireless residential Gateway products, the flaw resides on the web server an could be exploited by a remote attacker to hijack the network appliance. The flaw, ranked with CVSS Base Score – 10.0, is very serious because the diffusion of the Cisco network devices and due to the possibility to exploit remotely the flaw.
CISCO wireless routes security flaw
Cisco issued a security advisory to announce many Residential Gateway products are vulnerable to a remote-code execution attack, which could be conducted by sending a specially crafted HTTP request to the internal web server running on the network device.
“Successful exploitation of the vulnerability may cause the embedded web server to crash and allow the attacker to inject arbitrary commands and execute arbitrary code with elevated privileges,” states the Cisco advisory   
Experts at Cisco confirmed that the vulnerability is due to the incorrect input validation for HTTP requests, an attacker could cause a  buffer overflow and run arbitrary code on the Cisco wireless residential Gateway product.
” Successful exploitation could allow the attacker to crash the web server and execute arbitrary code with elevated privileges” states Cisco.
The Cisco wireless residential Gateway products affected by the vulnerability are:
  • Cisco DPC3212 VoIP Cable Modem
  • Cisco DPC3825 8×4 DOCSIS 3.0 Wireless Residential Gateway
  • Cisco EPC3212 VoIP Cable Modem
  • Cisco EPC3825 8×4 DOCSIS 3.0 Wireless Residential Gateway
  • Cisco Model DPC3010 DOCSIS 3.0 8×4 Cable Modem
  • Cisco Model DPC3925 8×4 DOCSIS 3.0 with Wireless Residential Gateway with EDVA
  • Cisco Model DPQ3925 8×4 DOCSIS 3.0 Wireless Residential Gateway with EDVA
  • Cisco Model EPC3010 DOCSIS 3.0 Cable Modem
  • Cisco Model EPC3925 8×4 DOCSIS 3.0 with Wireless Residential Gateway with EDVA
Cisco confirms that the vulnerability is exploitable in wireless residential Gateway products whether they are configured in a Gateway mode or Router mode for  home or small office gateways.
Cisco has promptly released a free software update to its service provider customers to fix the vulnerability. Service providers have to provide the update from CISCO to affected home and small office customers.
The customers are advised to contact their service providers to verify if the fix could be applied to the software running on their devices.

Pierluigi Paganini

Security Affairs –  (Cisco wireless residential Gateway products, networking)



you might also like

leave a comment