The issue is in the web server used, which could allow an unauthenticated, remote attacker to crash the web server with a buffer overflow, and execute arbitrary code with elevated privileges.
According to Cisco’s advisory, the vulnerability is due to incorrect input validation for HTTP requests; an attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device.
The vulnerability exists whether the device is configured in router mode or gateway mode. The list of affected products include:
- Cisco DPC3212 VoIP Cable Modem
- Cisco DPC3825 8×4 DOCSIS 3.0 Wireless Residential Gateway
- Cisco EPC3212 VoIP Cable Modem
- Cisco EPC3825 8×4 DOCSIS 3.0 Wireless Residential Gateway
- Cisco Model DPC3010 DOCSIS 3.0 8×4 Cable Modem
- Cisco Model DPC3925 8×4 DOCSIS 3.0 with Wireless Residential Gateway with EDVA
- Cisco Model DPQ3925 8×4 DOCSIS 3.0 Wireless Residential Gateway with EDVA
- Cisco Model EPC3010 DOCSIS 3.0 Cable Modem
- Cisco Model EPC3925 8×4 DOCSIS 3.0 with Wireless Residential Gateway with EDVA
The development gives concreteness to heightened awareness of potential data breaches stemming from the rise of the connected home and the internet of things (IoT).
Author Venkatesh Yalagandula Follow us Google + and Facebook and Twitter
