The router hijack exploit scenario detailed by researchers at Symantec may affect Cisco routers that are marketed for the Small Office/Home Office (SOHO), Remote Office/Branch Office (ROBO) and teleworker business segments, according to a notice from Cisco's product security incident response team.
The background: Symantec's paper (PDF). Coverage by Joris Evers and Brian Krebs. Techmeme discussion.
The fix: For home users, log into your router's management console and change the password now. Here are online instructions from D-Link, Linksys and Netgear.
Now, Cisco is acknowledging that some enterprise-class products are also vulnerable, even if it's not a router vulnerability in the strictest sense.
At risk are those Cisco routers that have the Cisco IOS HTTP server enabled by default to allow CRWS or SDM to communicate with the router. With either CRWS or SDM installed at shipping, the router's configuration will have a default username and password that is used to access the router via the HTTP web interface.
A full list of the Cisco business routers that may be affected by the attack methodology is available in the company's official response.
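For administrators checking their own devices, the exposure described above (IOS HTTP server on, shipped account still in the configuration) can be audited from a saved running-config. The script below is an added example, not code from Cisco or Symantec; the sample configuration is constructed, and the account name `factoryuser` is a placeholder for whatever default account your model shipped with, which you supply yourself.

```python
import re

# Constructed sample config. Account names and passwords are placeholders,
# not real factory defaults.
SAMPLE_CONFIG = """\
hostname branch-rtr
username factoryuser privilege 15 password 0 factorypass
username netops privilege 15 secret 5 $1$CONSTRUCTED$placeholder
ip http server
ip http authentication local
no ip http secure-server
line vty 0 4
 login local
"""

# username NAME [privilege N] {password|secret} [TYPE] VALUE
USER_RE = re.compile(
    r"^username\s+(\S+)(?:\s+privilege\s+(\d+))?\s+(password|secret)\s+(?:(\d)\s+)?\S+")

def audit_ios_config(config, default_users):
    """Return (code, detail) findings for the web-management exposure."""
    lines = [ln.strip() for ln in config.splitlines()]
    findings = []
    # Exact match, so "no ip http server" does not count as enabled.
    http_on = "ip http server" in lines
    web_on = http_on or "ip http secure-server" in lines
    if http_on:
        findings.append(("HTTP_ENABLED", "cleartext IOS HTTP server is on"))
    if web_on and not any(ln.startswith("ip http access-class") for ln in lines):
        findings.append(("NO_ACCESS_CLASS", "web interface is not limited by an ACL"))
    for ln in lines:
        m = USER_RE.match(ln)
        if not m:
            continue
        name, priv, keyword, _ptype = m.groups()
        if name in default_users:
            findings.append(("DEFAULT_ACCOUNT", f"shipped account '{name}' still present"))
            if web_on and priv == "15":
                findings.append(("DEFAULT_ADMIN_VIA_WEB",
                                 f"'{name}' has privilege 15 and can log in to the web UI"))
        if keyword == "password":
            findings.append(("REVERSIBLE_PASSWORD",
                             f"'{name}' is stored with 'password' (type 0/7), not 'secret'"))
    return findings

if __name__ == "__main__":
    for code, detail in audit_ios_config(SAMPLE_CONFIG, {"factoryuser"}):
        print(f"{code}: {detail}")
```

A configuration with `no ip http server`, an `ip http access-class` restriction on any remaining HTTPS access, and the shipped account removed produces no findings.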