Cisco fixed a vulnerability that could allow an attacker to take control of a wireless network security firewall.
The flaw is in the company’s RV220W Wireless Network Security Firewall’s web-based management interface, and affects firmware versions prior to 220.127.116.11. The vulnerability ended up discovered by an anonymous researcher working with the Beyond Security’s SecuriTeam Secure Disclosure program.
“The vulnerability is due to insufficient input validation of HTTP request headers that are sent to the web-based management interface of an affected device,” the company said in a security advisory.
“An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted HTTP request that contains malicious SQL statements to the management interface of a targeted device,” the advisory said. “Depending on whether remote management is configured for the device, the management interface may use the SQL code in the HTTP request header to determine user privileges for the device. A successful exploit could allow the attacker to bypass authentication on the management interface and gain administrative privileges on the device.”
There are workarounds and mitigations for the problem — disabling or restricting access to remote management functionality for an affected device – or click here for the latest version (v18.104.22.168) of the firmware.
The company’s PSIRT is not aware of this vulnerability undergoing exploitation in the wild. Administrators who want to check whether their devices suffered a compromise via this flaw can look into the Authentication, Accounting, and Authorization (AAA) log files for suspect or malicious login data.
Cisco said their RV120W Wireless-N VPN Firewalla, RV180 VPN Routers, and RV180W Wireless-N Multifunction VPN Routers do not suffer from the issue.