Cisco has disclosed that a bug in the internal web server in several of its residential products leaves them vulnerable to an unauthenticated, remote buffer overflow that could allow arbitrary code execution.
The web server fails to validate inputs properly. An attacker could send a particular HTTP request to the device, crash the device and run arbitrary code with elevated privileges.
The following products are vulnerable
- Cisco DPC3212 VoIP Cable Modem
- Cisco DPC3825 8x4 DOCSIS 3.0 Wireless Residential Gateway
- Cisco EPC3212 VoIP Cable Modem
- Cisco EPC3825 8x4 DOCSIS 3.0 Wireless Residential Gateway
- Cisco Model DPC3010 DOCSIS 3.0 8x4 Cable Modem
- Cisco Model DPC3925 8x4 DOCSIS 3.0 with Wireless Residential Gateway with EDVA
- Cisco Model DPQ3925 8x4 DOCSIS 3.0 Wireless Residential Gateway with EDVA
- Cisco Model EPC3010 DOCSIS 3.0 Cable Modem
- Cisco Model EPC3925 8x4 DOCSIS 3.0 with Wireless Residential Gateway with EDVA
Many similar Cisco products are not affected. See the list in the advisory.
Cisco has released updates to fix the vulnerability, but many customers cannot apply the updates directly. Such customers must contact their service provider to determine if the updated software is applied. Other customers, with or without a service contract, can obtain updates by contacting the Cisco Technical Assistance Center (TAC) using the contact information in the advisory.
There are no known workarounds for the vulnerability.
Hat tip to The Hacker News.