There’s a serious security flaw in some of Cisco’s wireless routers that could allow a remote attacker to take complete control of the router. The bug is in a number of the Cisco small business routers, as well as a wireless VPN firewall.
Cisco has released patches to fix the vulnerability in its Wireless-N VPN Router family and the Wireless-N VPN Firewall. The company said that the flaw is due to a problem in the way that the routers handle authentication requests.
“A vulnerability in the web management interface of the Cisco RV110W Wireless-N VPN Firewall, the Cisco RV215W Wireless-N VPN Router, and the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain administrative-level access to the web management interface of the affected device,” the Cisco advisory says.
“The vulnerability is due to improper handling of authentication requests by the web framework. An attacker could exploit this vulnerability by intercepting, modifying and resubmitting an authentication request. Successful exploitation of this vulnerability could give an attacker administrative-level access to the web-based administration interface on the affected device.”
Cisco says that it isn’t aware of ay public exploits for this vulnerability or any attack attempts against it yet.