Nine Cisco Devices Contain Security Flaw

Cisco sign

Many times, wireless routers and modems are forgotten end points. While close attention is paid to securing PCs with appropriate security tools, these devices are often left unpatched and vulnerable to attacks. As Lucian Constantin reports at Computer World, owners of Cisco devices are currently in the crosshairs because of an exposed security flaw that affects nine wireless devices for both home and business use.

The vulnerability is described as “a buffer overflow that results from incorrect validation of input in HTTP requests.” This means that attackers can remotely inject and execute code on a user’s connected device, which would likely allow them to infect the device with malware. On the Common Vulnerability Scoring System (CVSS), this security flaw was given the highest score possible, a 10.0. That score denotes that successful exploits of the flaw “compromise the confidentiality, integrity and availability of the targeted device.”

The devices affected are capable of functioning as routers or wireless access points, but experts report that the devices are vulnerable regardless of which mode it’s currently operating in.

For many flaws found for routers, there are workarounds or quick fixes that temporarily fix the problem until a patch is made available, but not for this specific flaw. The only fix is to apply an update directly from Cisco.

The affected devices are:

  • Cisco DPC3212 VoIP Cable Modem
  • Cisco DPC3825 8×4 DOCSIS 3.0 Wireless Residential Gateway
  • Cisco EPC3212 VoIP Cable Modem
  • Cisco EPC3825 8×4 DOCSIS 3.0 Wireless Residential Gateway
  • Cisco Model DPC3010 DOCSIS 3.0 8×4 Cable Modem
  • Cisco Model DPC3925 8×4 DOCSIS 3.0 with Wireless Residential Gateway with EDVA
  • Cisco Model DPQ3925 8×4 DOCSIS 3.0 Wireless Residential Gateway with EDVA
  • Cisco Model EPC3010 DOCSIS 3.0 Cable Modem
  • Cisco Model EPC3925 8×4 DOCSIS 3.0 with Wireless Residential Gateway with EDVA

 

Some of these models are distributed by service providers so you’ll want to check your device even if it was supplied by your ISP. If you’re currently using a device on this list, it’s vital that you apply a software update as soon as possible.

If you become the victim of an attack, or have any type of problem with your gadgets, call Geek Rescue at 918-369-4335.

For other solutions for your business, our parent company, JD Young, is here to help.

 

July 22nd, 2014