US-CERT issued an advisory yesterday warning of a critical vulnerability in Cisco’s Wireless Residential Gateway.
Cisco has patched the vulnerability and also released its own warning, informing customers of a remote code execution vulnerability in the web server used by the gateway that is present in a slew of home and small business products, including:
- Cisco DPC3212 VoIP Cable Modem
- Cisco DPC3825 8×4 DOCSIS 3.0 Wireless Residential Gateway
- Cisco EPC3212 VoIP Cable Modem
- Cisco EPC3825 8×4 DOCSIS 3.0 Wireless Residential Gateway
- Cisco Model DPC3010 DOCSIS 3.0 8×4 Cable Modem
- Cisco Model DPC3925 8×4 DOCSIS 3.0 with Wireless Residential Gateway with EDVA
- Cisco Model DPQ3925 8×4 DOCSIS 3.0 Wireless Residential Gateway with EDVA
- Cisco Model EPC3010 DOCSIS 3.0 Cable Modem
- Cisco Model EPC3925 8×4 DOCSIS 3.0 with Wireless Residential Gateway with EDVA
The bug could allow an attacker to either remotely crash the web server or execute code.
“The vulnerability is due to incorrect input validation for HTTP requests,” Cisco said in its advisory. “An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device.”
Cisco said it is not aware of any public exploits. The bug was reported by Chris Watts of Tech Analysis, an Australian service provider. Cisco said the patches and updates have been released to service providers and customers need to coordinate with their providers. There are no workarounds provided by Cisco, the company said.
The products are prominent in the home and small business markets, Cisco said, and an attacker exploiting the bug could access ingress and egress traffic, putting sensitive personal and business data at risk.
This is the second critical advisory from Cisco this month. On July 3, the company announced that its Cisco Unified Communications Domain Manager contained a default private SSH key that was insecurely stored. An attacker could access the SSH key and gain system access with root privileges.
The UCDM allows IT administrators to control Unified Communications Manager implementations from a central console. Cisco also patched a privilege escalation vulnerability and an unauthorized data manipulation flaw.