Critical security vulnerability in Cisco modems and routers

A vulnerability in the web server used in multiple Cisco Wireless Residential Gateway products could allow an unauthenticated, remote attacker to exploit a buffer overflow and cause arbitrary code execution. The vulnerability is due to incorrect input validation for HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

The following Cisco products are affected by this vulnerability:

  • Cisco DPC3212 VoIP Cable Modem
  • Cisco DPC3825 8×4 DOCSIS 3.0 Wireless Residential Gateway
  • Cisco EPC3212 VoIP Cable Modem
  • Cisco EPC3825 8×4 DOCSIS 3.0 Wireless Residential Gateway
  • Cisco Model DPC3010 DOCSIS 3.0 8×4 Cable Modem
  • Cisco Model DPC3925 8×4 DOCSIS 3.0 with Wireless Residential Gateway with EDVA
  • Cisco Model DPQ3925 8×4 DOCSIS 3.0 Wireless Residential Gateway with EDVA
  • Cisco Model EPC3010 DOCSIS 3.0 Cable Modem
  • Cisco Model EPC3925 8×4 DOCSIS 3.0 with Wireless Residential Gateway with EDVA

Cisco Security Advisory: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ciscosa-20140716-cm

Heise: http://www.heise.de/security/meldung/Kritische-Sicherheitsluecke-gefaehrdet-Router-und-Modems-von-Cisco-2262088.html

Several German providers use the EPC3212 cable modem. Kabel Deutschland and Unitymedia / Kabel BW both said the bug has been fixed in their firmware “since about 2012″ but did not elaborate why Cisco only now made the vulnerability and fix public.

Heise: http://www.heise.de/security/meldung/Cisco-Routerluecke-Der-mysterioese-Vorab-Patch-2264271.html