Multiple Cisco home products vulnerable to exploit

Summary: A flaw in many of the company's cable modems and residential gateways could allow a remote attacker to take control of the device.

Cisco has disclosed that a bug in the internal web server in several of its residential products leaves them vulnerable to an unauthenticated, remote buffer overflow that could allow arbitrary code execution.

The web server fails to validate inputs properly. An attacker could send a particular HTTP request to the device, crash the device and run arbitrary code with elevated privileges.

The following products are vulnerable:

  • Cisco DPC3212 VoIP Cable Modem
  • Cisco DPC3825 8x4 DOCSIS 3.0 Wireless Residential Gateway
  • Cisco EPC3212 VoIP Cable Modem
  • Cisco EPC3825 8x4 DOCSIS 3.0 Wireless Residential Gateway
  • Cisco Model DPC3010 DOCSIS 3.0 8x4 Cable Modem
  • Cisco Model DPC3925 8x4 DOCSIS 3.0 with Wireless Residential Gateway with EDVA
  • Cisco Model DPQ3925 8x4 DOCSIS 3.0 Wireless Residential Gateway with EDVA
  • Cisco Model EPC3010 DOCSIS 3.0 Cable Modem
  • Cisco Model EPC3925 8x4 DOCSIS 3.0 with Wireless Residential Gateway with EDVA

Many similar Cisco products are not affected. See the list in the advisory.

Cisco has released updates to fix the vulnerability, but many customers cannot apply the updates directly. Such customers must contact their service provider to determine if the updated software is applied. Other customers, with or without a service contract, can obtain updates by contacting the Cisco Technical Assistance Center (TAC) using the contact information in the advisory.

There are no known workarounds for the vulnerability.

Hat tip to The Hacker News.


About

Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of sec...
