Can Cisco’s wireless home gateways be hacked into?

Malware

by Amy-jo Crowley| 17 July 2014

Vulnerability is said to be present in nine of Cisco’s wireless home gateways.

A number of Cisco's wireless gateway products are vulnerable to being controlled by hackers.

The networking firm, which recently uncovered spearphishing malware in Microsoft Word, said attackers could enable remote code execution by sending a crafted HTTP request to the web server running on the hardware.

"Successful exploitation of the vulnerability may cause the embedded web server to crash and allow the attacker to inject arbitrary commands and execute arbitrary code with elevated privileges," Cisco said.

"This vulnerability exists whether the device is configured in Router mode or Gateway mode.

The vulnerability, which was reported to Cisco by Chris Watts from Tech Analysis, is also present whether the device is configured in Router mode or Gateway mode.

The nine products that are vulnerable include: Cisco DPC3212 VoIP Cable Modem, Cisco DPC3825 8x4 DOCSIS 3.0 Wireless Residential Gateway, Cisco EPC3212 VoIP Cable Modem, Cisco EPC3825 8x4 DOCSIS 3.0 Wireless Residential Gateway, Cisco Model DPC3010 DOCSIS 3.0 8x4 Cable Modem, Cisco Model DPC3925 8x4 DOCSIS 3.0 with Wireless Residential Gateway with EDVA, Cisco Model DPQ3925 8x4 DOCSIS 3.0 Wireless Residential Gateway with EDVA, Cisco Model EPC3010 DOCSIS 3.0 Cable Modem and Cisco Model EPC3925 8x4 DOCSIS 3.0 with Wireless Residential Gateway with EDVA.

Cisco said it has released a patch to broadband providers to pass onto affected homes and offices.

The company reported earlier this month that attackers could gain administrative access to its Unified Communications Domain Manager (Unified CDM) software by exploiting a default SSH private key.

 

Comments
Post a comment

Comments may be moderated for spam, obscenities or defamation.

Join our network

755 people like this.
0 people follow this.

Malware Intelligence

Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.