In the first week of this year, we reported on a critical vulnerability found in more than 2000 routers that allows attackers to reset the admin panel password to defaults.
Recently, Cisco released a security advisory detailing a similar vulnerability affecting three of its networking products.
Cisco has rated the flaw highly critical and scored it 10.0 on the Common Vulnerability Scoring System (CVSS). A security researcher found a secret service listening on TCP port 32764 that allows a remote user to send unauthenticated commands to the device and reset the administrative password.
Successful exploitation of the vulnerability allows an attacker to execute arbitrary commands on the device with escalated privileges.
Vulnerable Cisco products are: WAP4410N Wireless-N Access Point, Cisco WRVS4400N Wireless-N Gigabit Security Router, and the Cisco RVS4000 4-port Gigabit Security.
“This vulnerability is due to an undocumented test interface in the TCP service listening on port 32764 of the affected device. An attacker could exploit this vulnerability by accessing the affected device from the LAN-side interface and issuing arbitrary commands in the underlying operating system. An exploit could allow the attacker to access user credentials for the administrator account of the device, and read the device configuration. The exploit can also allow the attacker to issue arbitrary commands on the device with escalated privileges.”
A similar backdoor is also present in multiple devices from Cisco, Netgear, Belkin and other manufacturers, according to security researcher Eloi Vanderbeken.
He has also released a Python-based exploit script to automate the exploitation. The vulnerability has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2014-0659. Cisco has not yet patched the bug, but promises to do so by the end of this month.
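Until a patch is available, connections to TCP port 32764 on an affected device are worth flagging in firewall logs. The following is an added example, not code from Cisco, the researcher or this article: it scans iptables-style log lines and reports which sources reached that port on inventoried devices. The log format, LAN range, device addresses and sample lines are all constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

TEST_INTERFACE_PORT = "32764"  # TCP port named in the advisory
# Assumptions for this example: LAN range and addresses of affected devices.
LAN = ipaddress.ip_network("192.168.1.0/24")
DEVICES = {"192.168.1.1", "192.168.1.2"}

# Constructed sample lines in iptables LOG style (not real traffic).
SAMPLE_LOG = """\
Jan 14 09:12:01 gw kernel: FW IN=br0 OUT= SRC=192.168.1.57 DST=192.168.1.1 PROTO=TCP SPT=51544 DPT=32764 SYN
Jan 14 09:12:03 gw kernel: FW IN=br0 OUT= SRC=192.168.1.57 DST=192.168.1.1 PROTO=TCP SPT=51545 DPT=32764 SYN
Jan 14 09:13:40 gw kernel: FW IN=br0 OUT= SRC=192.168.1.20 DST=192.168.1.1 PROTO=TCP SPT=40112 DPT=443 SYN
Jan 14 09:15:22 gw kernel: FW IN=eth0 OUT= SRC=203.0.113.9 DST=192.168.1.2 PROTO=TCP SPT=60001 DPT=32764 SYN
Jan 14 09:16:00 gw kernel: FW IN=br0 OUT= SRC=192.168.1.57 DST=192.168.1.1 PROTO=UDP SPT=5353 DPT=32764
"""

FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs in a log line


def find_test_interface_hits(log_text, devices=DEVICES, lan=LAN):
    """Map each device to the sources that reached TCP/32764 on it."""
    hits = defaultdict(dict)
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("PROTO") != "TCP" or f.get("DPT") != TEST_INTERFACE_PORT:
            continue  # other protocol or port
        if f.get("DST") not in devices:
            continue  # not an inventoried device
        try:
            src = ipaddress.ip_address(f.get("SRC", ""))
        except ValueError:
            continue  # malformed or truncated log line
        entry = hits[f["DST"]].setdefault(
            str(src), {"count": 0, "origin": "LAN" if src in lan else "non-LAN"})
        entry["count"] += 1
    return dict(hits)


if __name__ == "__main__":
    for device, sources in sorted(find_test_interface_hits(SAMPLE_LOG).items()):
        for src, info in sorted(sources.items()):
            print(f"{device} <- {src} ({info['origin']}): {info['count']} connection(s)")
```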
Source: The Hacker News