Cisco Patches Critical Flaw in a Slew of Home Gateways - BestCyberNews: Online News Presenter in the present world

BestCyberNews: Online News Presenter in the present world

Start knowing

test banner

Breaking

Cisco Patches Critical Flaw in a Slew of Home Gateways

Cisco has released a patch to address a vulnerability in multiple wireless residential gateway products, which could put sensitive data and information at risk.

The issue is in the web server used, which could allow an unauthenticated, remote attacker to crash the web server with a buffer overflow, and execute arbitrary code with elevated privileges. 

According to Cisco’s advisory, the vulnerability is due to incorrect input validation for HTTP requests; an attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. 

The vulnerability exists whether the device is configured in router mode or gateway mode. The list of affected products include:

  • Cisco DPC3212 VoIP Cable Modem
  • Cisco DPC3825 8×4 DOCSIS 3.0 Wireless Residential Gateway
  • Cisco EPC3212 VoIP Cable Modem
  • Cisco EPC3825 8×4 DOCSIS 3.0 Wireless Residential Gateway
  • Cisco Model DPC3010 DOCSIS 3.0 8×4 Cable Modem
  • Cisco Model DPC3925 8×4 DOCSIS 3.0 with Wireless Residential Gateway with EDVA
  • Cisco Model DPQ3925 8×4 DOCSIS 3.0 Wireless Residential Gateway with EDVA
  • Cisco Model EPC3010 DOCSIS 3.0 Cable Modem
  • Cisco Model EPC3925 8×4 DOCSIS 3.0 with Wireless Residential Gateway with EDVA
Cisco is unaware of any public exploits. The company has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

The development gives concreteness to heightened awareness of potential data breaches stemming from the rise of the connected home and the internet of things (IoT).





Author Venkatesh Yalagandula Follow us Google + and Facebook and Twitter