- This topic has 1 voice and 0 replies.
-
Posts
-
-
#News(Security) [ via IoTForIndiaGroup ]
Hackers took advantage of online instructions to target some Cisco WiFi routers. The attacks come on the heels of the vendor issuing a software patch for the critical security vulnerabilities.
The attacks occurred after security research firm Pen Test Partners posted a blog containing demonstration code on how to exploit the routers. The firm was involved in initially finding the vulnerability.
Cisco noted that the vulnerability occurs in the web-based management interface of three routers: RV110W, RV130W and RV215W. It reportedly impacts about 12,000 devices in the U.S., Canada, India, Argentina, Poland, and Romania.
The vulnerability, known as a Remote Command Execution (RCE) vulnerability, was ranked as “critical” by Cisco, with a 9.8 score (out of a possible 10) on the Common Vulnerability Scoring System. The high rating reflects the ease in attacking the devices remotely over the internet by hackers who also don’t need advanced coding skills.
An unauthenticated remote attacker could use the vulnerability to execute arbitrary code, Cisco explained. It isn’t clear from Cisco’s report how attackers might take advantage of such access, but they presumably would be able to monitor secure personal data including passwords.
Known Vulnerability
Three security researchers, including one from Pen Test Partners, announced the vulnerability at the GeekPwn Shanghai conference in late October. They didn’t provide technical details or mention the impacted products at the time, although Cisco thanked them for their work
-
- You must be logged in to reply to this topic.
