Cisco warns of vulnerabilities in its routers
2016-06-17 03:12 by Daniela
Tags: Cisco, router, RV110W, RV130W, RV215W
Cisco has warned of four vulnerabilities, one of them critical, in the web-based management interfaces of three products: a firewall and two wireless routers (models RV110W, RV130W and RV215W).
"The vulnerability is due to improper input validation of certain parameters that are sent to an affected device via the HTTP GET or HTTP POST method. An unauthenticated, remote attacker could exploit this vulnerability by persuading a user to follow a link that is designed to submit malicious input to an affected device," Cisco said in its advisory. "A successful exploit could allow the attacker to execute arbitrary script in the context of the web-based management interface for the device or allow the attacker to access sensitive browser-based information."
"An attacker could exploit this vulnerability by sending an HTTP request that contains configuration commands with a crafted payload," Cisco said. "A successful exploit could allow the attacker to cause a buffer overflow on the targeted system, which could cause the device to reload unexpectedly and result in a DoS condition."
Currently, there are no patches for the flaw. Cisco promised to issue a fix soon. To reduce the chance of being hacked in the meantime, router owners can disable remote management capabilities.