View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Can Cisco’s wireless home gateways be hacked into?

Vulnerability is said to be present in nine of Cisco’s wireless home gateways.

By Amy-Jo Crowley

A number of Cisco’s wireless gateway products are vulnerable to being controlled by hackers.

The networking firm, which recently uncovered spearphishing malware in Microsoft Word, said attackers could enable remote code execution by sending a crafted HTTP request to the web server running on the hardware.

"Successful exploitation of the vulnerability may cause the embedded web server to crash and allow the attacker to inject arbitrary commands and execute arbitrary code with elevated privileges," Cisco said.

"This vulnerability exists whether the device is configured in Router mode or Gateway mode.

The vulnerability, which was reported to Cisco by Chris Watts from Tech Analysis, is also present whether the device is configured in Router mode or Gateway mode.

The nine products that are vulnerable include: Cisco DPC3212 VoIP Cable Modem, Cisco DPC3825 8×4 DOCSIS 3.0 Wireless Residential Gateway, Cisco EPC3212 VoIP Cable Modem, Cisco EPC3825 8×4 DOCSIS 3.0 Wireless Residential Gateway, Cisco Model DPC3010 DOCSIS 3.0 8×4 Cable Modem, Cisco Model DPC3925 8×4 DOCSIS 3.0 with Wireless Residential Gateway with EDVA, Cisco Model DPQ3925 8×4 DOCSIS 3.0 Wireless Residential Gateway with EDVA, Cisco Model EPC3010 DOCSIS 3.0 Cable Modem and Cisco Model EPC3925 8×4 DOCSIS 3.0 with Wireless Residential Gateway with EDVA.

Cisco said it has released a patch to broadband providers to pass onto affected homes and offices.

Content from our partners
Sherif Tawfik: The Middle East and Africa are ready to lead on the climate
What to look for in a modern ERP system
How tech leaders can keep energy costs down and meet efficiency goals

The company reported earlier this month that attackers could gain administrative access to its Unified Communications Domain Manager (Unified CDM) software by exploiting a default SSH private key.

 

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU