You can, it seems, simply go to the Administration > Management page in the configuration interface and turn off Remote Management: In simple English, that means a crook could connect to your router via HTTPS and, without entering a username or password, take it over.Ĭisco goes one step further and suggests that “ orkarounds that mitigate this vulnerability are not available,” but the online manual fortunately suggests otherwise. could allow an unauthenticated, remote attacker to exploit a buffer overflow and cause arbitrary code execution. Sadly, however, a cryptographically secure connection alone doesn’t shield your web server code from buffer overflows when it handles the requests it receives.Īnd that seems to be the problem here, as Cisco explains:Ī vulnerability in the web server. Like many routers, the affected models, including the DPC3825 and DPC3925, have a web-based management interface.Īccording to the manual for the 3825 model, the web interface is only accessible via HTTPS (secure HTTP), whether you are connecting to it from inside or outside, which is a good feature to see. Networking giant Cisco is probably best known for its reassuringly expensive enterprise-grade network kit.īut it also sells consumer products, and even little routers can have giant holes, as Cisco warns in a just-published security advisory.Ī range of the company’s wireless residential gateways – SoHo routers, to you and me – have remote code execution bugs in their web servers.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |