Cisco has issued a fix for an undocumented backdoor disclosed last week in several of their routers offerings which could have allowed a remote attacker to “gain root-level access to an affected device” by way of “an undocumented test interface in the TCP service listening on port 32764.”
“An attacker could exploit this vulnerability by accessing the affected device from the LAN-side interface and issuing arbitrary commands in the underlying operating system. An exploit could allow the attacker to access user credentials for the administrator account of the device, and read the device configuration,” the company stated in a previous advisory. “The exploit can also allow the attacker to issue arbitrary commands on the device with escalated privileges.”
Cisco indicated that the following products were affected by the vulnerability:
- Cisco RVS4000 4-port Gigabit Security Router running firmware version 126.96.36.199 and prior
- Cisco WRVS4400N Wireless-N Gigabit Security Router hardware version 1.0 and 1.1 running firmware version 1.1.13 and prior
- Cisco WRVS4400N Wireless-N Gigabit Security Router hardware version 2.0 running firmware version 188.8.131.52 and prior
- Cisco WAP4410N Wireless-N Access Point running firmware version 184.108.40.206 and prior
An additional listing of vulnerable devices has been compiled by independent security researchers in a GitHub post here.
The company was not expected to release the firmware update until the end of the month, but was apparently able to expedite the fix. The Cisco WAP4410N Wireless-N Access Point – PoE/Advanced Security Release 220.127.116.11 is available here.