[c-nsp] Cisco Security Advisory: Cisco Wireless Residential Gateway Remote Code Execution Vulnerability

Cisco Systems Product Security Incident Response Team psirt at cisco.com
Wed Jul 16 12:47:52 EDT 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Wireless Residential Gateway Remote Code Execution Vulnerability

Advisory ID: ciscosa-20140716-cm


Revision 1.0

For Public Release 2014 July 16 16:00  UTC (GMT)

Summary

A vulnerability in the web server used in multiple Cisco Wireless Residential Gateway products could allow an unauthenticated, remote attacker to exploit a buffer overflow and cause arbitrary code execution.

The vulnerability is due to incorrect input validation for HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. 

Cisco has released free software updates that address this vulnerability. 
Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ciscosa-20140716-cm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJTxquLAAoJEIpI1I6i1Mx3NsAQAMEQrCJ4WGFgJDM4zxqJgPB4
7uKI6BBpT2epClN6bMMx9Udf0EUDG0mOFJqH/rpMur9JqHuG8QJqXoHlMxYkM18T
7mRmlAH9ZWoJ0QZXtytOQRIXaPhPOG0SRoldMpRQJdJdWCuSWvpxd0vJbOZJWjYZ
imiA9z3sHuS5BkXecV1DOq5qzN711BY6j4yRrpxPotIRhqYE0oOgu6NfrKy9M1gp
dfI4R0/+hGzr8in+y3A5w3fFRfB8esT1LJ7hhhe6EPs8F7TjE7QClKt+A3uvhA1w
epQRsOogtkn4bRObfF5qZBFOqvyrnEwDfsv6qBzQO9OKEmsTNhPsBHfQ6HbEbEy7
49eAW8ZQY5l0nU+72FVmS7MwEAl3SReLaT1S7PSXaeysoMfns7KXqlgKuFkBUeNn
oujIPt6LUSuMElFGLhFqnBw0kt4viyMgoFx/3pbRi+dU6SsBlECz347kH9GTx46v
THhlYZuOnoCbotTXiNQGMuE031SstE+Oh6cK86/fWyvJvSZIjk7DssP8m2FiP9qe
TJNokIPWMWKooO823W4IKT4ASnY+SQMf0EOgxH4GmqjoCYNdCscjQSqsUiKrBUzp
8BYvKCKueuDNw35iLNXfFiiFKOBUhYN7znFKlgGN6GnnXBcZuOr4NntbKOlAHVIm
wkYouXj/TdqIfPDndRfJ
=NUhW
-----END PGP SIGNATURE-----


More information about the cisco-nsp mailing list