Serious vulnerability in Cisco wireless kit, no fix so far - Bug Warning - Black Bar Safety Net

2016-06-18T00:00:00
ID MYHACK58:62201676020
Type myhack58
Reporter Anonymous
Modified 2016-06-18T00:00:00

Description

Cisco recently released a security advisory announcing that three Cisco wireless kits are affected by a severe bug, but there is still no solution available.

SOHO equipment is among the most frequently targeted network components, and in the wild it often lacks protection or is improperly configured, so users are often exposed to serious risk. In these cases, hackers exploit well-known defects in the firmware to compromise the devices, which is why keeping them updated is very important. So today's message is: if you are the owner of one of these SOHO Cisco wireless devices, you are in trouble.

Switchzilla has announced a critical patch for Cisco wireless kit belonging to the RV family:

Cisco RV110W Wireless-N VPN Firewall
Cisco RV130W Wireless-N Multifunction VPN Router
Cisco RV215W Wireless-N VPN Router

The critical vulnerability in the above Cisco wireless kit is located in the web interface. A remote attacker can exploit it by sending a carefully crafted HTTP request and execute code as the root user.

“A vulnerability in the web interface of the Cisco RV110W Wireless-N VPN Firewall, the Cisco RV130W Wireless-N Multifunction VPN Router, and the Cisco RV215W Wireless-N VPN Router can allow a remote, unauthenticated attacker to execute arbitrary code as the root user on the target system,” the Cisco advisory said. “The vulnerability is due to user-supplied HTTP input not being completely checked. An attacker can exploit this vulnerability by sending a carefully crafted HTTP request with custom user data. The vulnerability could allow the attacker to execute arbitrary code with root privileges on the affected system, which may lead to further attacks.”

The vulnerability could be very serious; for example, an attacker could steal authentication cookies.

“A remote user can access the target user's cookies (including authentication cookies), if any, associated with the Cisco Small Business RV series interface, access data recently submitted by the target user via web pages to the interface, or take other actions as the target user,” Security Tracker reports.

The bad news is that there is still no update available; the company plans to fix this vulnerability in the third quarter.

“Cisco has not yet released a software update to resolve this vulnerability. Workarounds that mitigate this vulnerability are not available,” the Cisco wireless kit security advisory continues.

The recommendation is to disable the remote management function on the defective Cisco wireless devices.

“The web-based management interface can be reached on these devices through a local LAN connection or through the remote management feature. By default, the remote management feature is disabled on the affected devices,” Cisco states. “To check whether remote management is enabled on a device, open the device's management interface and select Basic Settings > Remote Management. If the Enabled check box is selected, remote management is enabled on the device.”

Cisco plans to release the following updates: for the Cisco RV110W Wireless-N VPN Firewall, release 1.2.1.7; for the Cisco RV130W Wireless-N Multifunction VPN Router, release 1.0.3.16; for the Cisco RV215W Wireless-N VPN Router, release 1.3.0.8.

The vulnerability was found by security expert Samuel Huntley, who also found an HTTP request buffer overflow vulnerability and a cross-site scripting vulnerability in the same equipment.
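The model list, the planned fixed releases and the remote management check above can be turned into an inventory triage. This is an added example, not code from Cisco or from the original article; the CSV layout, host names and firmware values are constructed, and it assumes any release at or above the planned version carries the fix.

```python
import csv
import io

# Planned fixed releases as listed in the advisory text above.
FIXED = {
    "RV110W": (1, 2, 1, 7),
    "RV130W": (1, 0, 3, 16),
    "RV215W": (1, 3, 0, 8),
}

# Constructed sample inventory (hosts and firmware values are made up).
SAMPLE_INVENTORY = """host,model,firmware,remote_mgmt
branch-gw-01,RV110W,1.2.1.4,enabled
branch-gw-02,RV130W,1.0.3.16,disabled
home-office-7,RV215W,1.3.0.7,disabled
lab-sw-03,SG300,1.4.5.2,disabled
branch-gw-04,RV130W,1.0.2.7,enabled
"""

def parse_version(text):
    """Turn '1.0.3.16' into (1, 0, 3, 16) so that 16 sorts above 8."""
    return tuple(int(part) for part in text.strip().split("."))

def triage(inventory_csv):
    """Return {host: status} for every device in the inventory."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        fixed = FIXED.get(row["model"].strip().upper())
        if fixed is None:
            status = "model-not-listed"
        elif parse_version(row["firmware"]) >= fixed:
            # Assumption: releases at or above the planned version are fixed.
            status = "fixed"
        elif row["remote_mgmt"].strip().lower() == "enabled":
            # Web interface reachable beyond the LAN: handle first.
            status = "vulnerable-remote-mgmt-on"
        else:
            # Web interface still reachable from the local LAN.
            status = "vulnerable-lan-only"
        results[row["host"]] = status
    return results

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:15} {status}")
```

Devices reported as vulnerable-remote-mgmt-on are the ones where the advisory's recommendation to disable remote management applies immediately.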