Cisco has disclosed the existence of an undocumented backdoor in several of its router offerings which could allow a remote attacker to “gain root-level access to an affected device” by way of “an undocumented test interface in the TCP service listening on port 32764,” according to the company's disclosure.
“An attacker could exploit this vulnerability by accessing the affected device from the LAN-side interface and issuing arbitrary commands in the underlying operating system. An exploit could allow the attacker to access user credentials for the administrator account of the device, and read the device configuration,” the company stated. “The exploit can also allow the attacker to issue arbitrary commands on the device with escalated privileges.”
Cisco indicates that the following products are affected by the vulnerability:
- Cisco RVS4000 4-port Gigabit Security Router running firmware version 18.104.22.168 and prior
- Cisco WRVS4400N Wireless-N Gigabit Security Router hardware version 1.0 and 1.1 running firmware version 1.1.13 and prior
- Cisco WRVS4400N Wireless-N Gigabit Security Router hardware version 2.0 running firmware version 22.214.171.124 and prior
- Cisco WAP4410N Wireless-N Access Point running firmware version 126.96.36.199 and prior
An additional listing of vulnerable devices has been compiled by independent security researchers in a GitHub post. Cisco said that there are currently no workarounds that would mitigate the vulnerabilities, but that it is planning to release software updates to address them.
“The significant downside to this announcement is that a wide swath of these devices will remain unpatched for the foreseeable future. These are typically deployed in smaller businesses that lack the proper IT related support to remedy the issue,” wrote security researcher Dave Lewis.
“This could potentially put hundreds of small businesses at risk by virtue of the fact that they will not have the aforementioned support. I’m concerned that this could still be an exposure that we will be able to find in a year from now,” Lewis continued.
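An added example, not part of the original article or of Cisco's advisory: a connect-only check that an administrator can run from the LAN against devices they manage, to see which ones accept connections on TCP port 32764 while no patch or workaround is available. The inventory addresses, function names and IPv4-only handling are assumptions made for illustration.

```python
import errno
import socket
from concurrent.futures import ThreadPoolExecutor

TEST_INTERFACE_PORT = 32764  # port named in the Cisco disclosure


def check_listener(host, port=TEST_INTERFACE_PORT, timeout=2.0):
    """Classify one TCP connect attempt; nothing is sent to the service."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)  # IPv4 only (assumption)
    sock.settimeout(timeout)
    try:
        rc = sock.connect_ex((host, port))
    except socket.timeout:
        return "filtered"
    except OSError:  # name resolution failure, no route, etc.
        return "unreachable"
    finally:
        sock.close()
    if rc == 0:
        # Something is listening; this alone does not prove it is the test interface.
        return "open"
    if rc == errno.ECONNREFUSED:
        return "closed"
    if rc in (errno.ETIMEDOUT, errno.EAGAIN, errno.EWOULDBLOCK):
        return "filtered"  # no answer within the timeout, e.g. dropped by a firewall
    return "unreachable"


def audit(hosts, port=TEST_INTERFACE_PORT, timeout=2.0, workers=16):
    """Return {host: state} for every host in the inventory."""
    hosts = list(hosts)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = pool.map(lambda h: check_listener(h, port, timeout), hosts)
        return dict(zip(hosts, states))


def exposed(results):
    """Hosts that accepted the connection and need follow-up."""
    return sorted(h for h, s in results.items() if s == "open")


if __name__ == "__main__":
    # Constructed inventory: replace with management IPs of devices you administer.
    inventory = ["192.0.2.10", "192.0.2.11"]
    results = audit(inventory)
    for host, state in results.items():
        print(f"{host}:{TEST_INTERFACE_PORT} {state}")
    print("follow up on:", exposed(results))
```

Devices reported as "open" are candidates for network isolation until the vendor's software update can be applied.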