By Eduard Kovacs on May 04, 2017
Cisco has released a firmware update for one of its small business routers to address a critical vulnerability that can be exploited for denial-of-service (DoS) attacks and arbitrary code execution.
The vulnerability, discovered by researchers from GeekPwn, a China-based IoT-focused hacking competition, affects CVR100W Wireless-N VPN routers. The company said there was no evidence of malicious exploitation.
The flaw, tracked as CVE-2017-3882 and described as a buffer overflow, affects the device’s Universal Plug and Play (UPnP) implementation and it can allow an unauthenticated, layer 2-adjacent attacker to execute arbitrary code with root privileges or cause vulnerable routers to reload.
Powered by WPeMatico