BEST OF THE WEB

Cisco promises fix for AP, router backdoor

Network gear maker Cisco Systems Inc. said it will release firmware updates to plug a backdoor found in two of its routers and a wireless access point that could provide attackers administrative control over the devices.

Cisco said the previously undocumented feature was found in its WRVS4400N Wireless-N Gigabit security router, its RVS4000 4-port Gigabit security router and its WAP4410N Wireless-N access point.

“An attacker could exploit this vulnerability by accessing the affected devices from the LAN-side interface and issuing arbitrary commands in the underlying operating system,” Cisco said in an advisory it issued on its Web site Friday. “An exploit could allow the attacker to access user credentials for the administrative account of the device, and read the device configuration.”

The company said an attacker can also issue arbitrary commands on the device with “escalated privileges.”

Security researcher Eloi Vanderberken discovered the vulnerability over the Christmas holiday, according to a report from technology publication Networkworld.com.

He said he found that connecting to his Linksys WAG200G allowed a remote user to send unauthenticated commands to the device and reset the admin password. Other users later reported finding the same backdoor on Cisco, Netgear and Belkin devices. In some devices, this type of backdoor can be accessed from the Internet.

Cisco said there are no known workarounds to the vulnerability. It said it will issue a firmware update this month.

Read the whole story here

Nestor E. Arellano
Nestor E. Arellano
Toronto-based journalist specializing in technology and business news. Blogs and tweets on the latest tech trends and gadgets.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web