Cisco warns of vulnerabilities in its routers

2016-06-17 03:12 by
Tags: , , , ,


Cisco has warned of four vulnerabilities, among which one critical, in the web-based management interfaces of three products, including a firewall and two wireless routers (models RV110W, RV130W and RV215W).

"The vulnerability is due to improper input validation of certain parameters that are sent to an affected device via the HTTP GET or HTTP POST method. An unauthenticated, remote attacker could exploit this vulnerability by persuading a user to follow a link that is designed to submit malicious input to an affected device," Cisco said in its advisory." A successful exploit could allow the attacker to execute arbitrary script in the context of the web-based management interface for the device or allow the attacker to access sensitive browser-based information."

"An attacker could exploit this vulnerability by sending an HTTP request that contains configuration commands with a crafted payload," Cisco said. "A successful exploit could allow the attacker to cause a buffer overflow on the targeted system, which could cause the device to reload unexpectedly and result in a DoS condition."

Currently, there are no patches for the flaw. Cisco promised to issue a fix soon. In order to reduce the chance of being hacked, router owners can disable remote management capabilities.

Read more -here-


  Post your review/comments
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About