There is a serious vulnerability in several Cisco wireless routers that could give an attacker root level access. The bug is the result of a backdoor in the routers that was set up as a test interface, and Cisco does not yet have patches available to fix it.
Cisco officials said the vulnerability is “an undocumented test interface” that exists in Cisco WAP4410N Wireless-N Access Point, Cisco WRVS4400N Wireless-N Gigabit Security Router and it could be used by a remote attacker to steal administrator credentials from a vulnerable router and then run arbitrary commands.
“This vulnerability can be triggered from the LAN interfaces of the Cisco WRVS4400N Wireless-N Gigabit Security Router and the Cisco RVS4000 4-port Gigabit Security Router from the wireless LAN (WLAN) and the LAN interfaces of the Cisco WAP4410N Wireless-N Access Point,” the Cisco advisory says.
“This vulnerability is due to an undocumented test interface in the TCP service listening on port 32764 of the affected device. An attacker could exploit this vulnerability by accessing the affected device from the LAN-side interface and issuing arbitrary commands in the underlying operating system. An exploit could allow the attacker to access user credentials for the administrator account of the device, and read the device configuration. The exploit can also allow the attacker to issue arbitrary commands on the device with escalated privileges.”
The routers that contain the vulnerability are all close to end of life, but Cisco still plans to issue patches for them. The company said that it will release fixed firmware versions by the end of January. The bug has the most serious CVSS score, a 10 for all of the vulnerable routers. The company said that there are no known workarounds for the vulnerabilities in any of the routers.