Some Cisco routers impacted by vulnerability -- are you affected?
When it comes to networking, brands matter. Sure, you can sometimes score a great deal on a router or switch from a generic brand, but is the cost saving really worth the risk of poor quality? Whether in the home or enterprise, quality networking hardware is key to a great experience.
In my home, we use an Apple Airport Extreme, but I know many people who swear by Cisco -- especially in business. Sadly though, Cisco announces that some of its routers are plagued by a vulnerability which could open the door to attackers.
"A vulnerability in the web management interface of the Cisco RV110W Wireless-N VPN Firewall, the Cisco RV215W Wireless-N VPN Router, and the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain administrative-level access to the web management interface of the affected device", says Cisco.
The company further explains, "the vulnerability is due to improper handling of authentication requests by the web framework. An attacker could exploit this vulnerability by intercepting, modifying and resubmitting an authentication request. Successful exploitation of this vulnerability could give an attacker administrative-level access to the web-based administration interface on the affected device".
Luckily, a fix is already available, so affected users should update as soon as possible. Cisco deserves major kudos for swiftly identifying, communicating and fixing the vulnerability. Unfortunately, as is the case with many software updates, not all users will bother to apply it. If you know anybody with these routers, please alert them immediately.
Do you own one of the affected routers? Tell me in the comments.