Cisco wireless kits are affected by a critical bug but no fix is available

Pierluigi Paganini June 16, 2016

A security advisory recently released by CISCO announce that three Cisco wireless kits are affected by a critical bug, but no fix is available at the moment.

SOHO devices are among most targeted network components in the wild, they are often poorly protected or not properly configured exposing users to serious risks. In these cases, hackers exploit well-known flaws in their firmware to compromise them, for this reason, it is very important to keep them up to date.

News of the day is that if you are the owner of one of the SOHO Cisco wireless kit you are in trouble.

Switchzilla has issued a critical patch for CISCO wireless kits belonging the RV family:

  • RV110W Wireless-N VPN Firewall
  • RV130W Wireless-N Multifunction VPN Router
  • RV215W Wireless-N VPN Router

The critical vulnerability resided in the web interface of the above CISCO wireless kits and could be exploited by a remote attacker just by sending crafted HTTP requests and execute code as root.

“A vulnerability in the web interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and the Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code as root on a targeted system.” states the advisory published by CISCO.
 
“The vulnerability is due to insufficient sanitization of HTTP user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request with custom user data. An exploit could allow the attacker to execute arbitrary code with root-level privileges on the affected system, which could be leveraged to conduct further attacks.”

CISCO WIRELESS KITS BUG RV215W Wireless-N VPN Router

The impact could be very serious, an attacker, for example could steal authentication cookies.

“A remote user can access the target user’s cookies (including authentication cookies), if any, associated with the Cisco Small Business RV Series interface, access data recently submitted by the target user via web form to the interface, or take actions on the interface acting as the target user.” reports the Security Tracker.

The bad news is that there isn’t any update, the company plans to release it in the third quarter.

“Cisco has not released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. ” continues the adivisory for the CISCO wireless kits.

It is suggested to disable the remote management feature on the flawed CISCO wireless kits.

“The web-based management interface is available for these devices via a local LAN connection or the remote management feature. By default, the remote management feature is disabled for the affected devices.” states CISCO. “To determine whether the remote management feature is enabled for a device, open the web-based management interface for the device and then choose Basic Settings > Remote Management. If the Enable check box is checked, remote management is enabled for the device.”

Cisco plan to release the update for the following releases:

  • For the Cisco RV110W Wireless-N VPN Firewall, Release 1.2.1.7;
  • For the Cisco RV130W Wireless-N Multifunction VPN Router, Release 1.0.3.16;
  • For the Cisco RV215W Wireless-N VPN Router, Release 1.3.0.8.

The bug vulnerability was discovered by the expert Samuel Huntley, who has also found an HTTP Request Buffer Overflow Vulnerability and a Cross-Site Scripting Vulnerability in the same devices.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Cisco wireless kits, hacking)



you might also like

leave a comment