Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
764
Views
0
Helpful
4
Replies

WRVS4400N Undocumented Test Interface in Cisco Small Business Devices

tellwill1
Level 1
Level 1

‎01-24-2014 06:06 PM

Undocumented Test Interface in Cisco Small Business Devices

A vulnerability in the Cisco WAP4410N Wireless-N Access Point, Cisco WRVS4400N Wireless-N Gigabit Security Router, and the Cisco RVS4000 4-port Gigabit Security Router could allow an unauthenticated, remote attacker to gain

root-level access to an affected device.


Cisco will release free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available. This advisory is available at the following link: link broken

Is this vunerability accessible from internet (wan) or just lan.

Labels:
0 Helpful
4 Replies 4

cindy toy
Level 7
Level 7

‎01-26-2014 07:22 PM

Hi Dominic,

Yes, the link is broken and I have submitted a request to fix it.  However we just released a fix for the Unauthorized Access Vulnerability in the WAP4410N.

Download the new firmware here: cs.co/6014eZHK

Regards,
Cindy Toy
Cisco Small Business Community Manager
for Cisco Small Business Products
www.cisco.com/go/smallbizsupport
twitter: CiscoSBsupport
twitter: CiscoSmallBiz
Instagram: instagram.com/ciscosmallbiz
Facebook: facebook.com/CiscoSmallBusiness

Regards, Cindy If my response answered your question, please mark the response as answered. Thank you!
0 Helpful

tellwill1
Level 1
Level 1
In response to cindy toy

‎01-26-2014 08:35 PM

My query was: this vulnerability affects WRVS4400N. Can this vulnerability be accessed on the WAN side. I have disabled WAN management.  I do not own a WAP4410N.

0 Helpful

mpyhala
Level 7
Level 7

‎01-27-2014 10:58 AM

Dominic,

Details

A vulnerability in the Cisco WAP4410N Wireless-N Access Point, Cisco WRVS4400N Wireless-N Gigabit Security Router, and the Cisco RVS4000 4-port Gigabit Security Router could allow an unauthenticated, remote attacker to gain root-level access to an affected device. This vulnerability can be triggered from the LAN interfaces of the Cisco WRVS4400N Wireless-N Gigabit Security Router and the Cisco RVS4000 4-port Gigabit Security Router from the wireless LAN (WLAN) and the LAN interfaces of the Cisco WAP4410N Wireless-N Access Point.

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140110-sbd

- Marty

0 Helpful

tellwill1
Level 1
Level 1
In response to mpyhala

‎01-27-2014 04:16 PM

mpyhala

Thanks for the answer.

I checked wrvs4400n support page and found a new firmware but I do not understand the condition for downloading. I am a home user, live and use the router in Canada. What are my obligation?

0 Helpful
Customers Also Viewed These Support Documents