I'd point readers to their security page directly but, for whatever reason, I couldn't find such an animal. Belkin took over the Linksys brand from Cisco in March 2013. For those of you wondering if there are affected versions in the Linksys line, Cisco advises that people reach out to Belkin directly via 'security '. It was interesting to note that Cisco was quick to point out that they had divested themselves of the Linksys line.
I have to admit that I can't help myself but to laugh when I read their official title for this one, "Undocumented Test Interface in Cisco Small Business Devices".
The exploit can also allow the attacker to issue arbitrary commands on the device with escalated privileges. Cisco indicated that they will be releasing free updates for the affected product.
An exploit could allow the attacker to access user credentials for the administrator account of the device, and read the device configuration. An attacker could exploit this vulnerability by accessing the affected device from the LAN-side interface and issuing arbitrary commands in the underlying operating system. The details: This vulnerability is due to an undocumented test interface in the TCP service listening on port 32764 of the affected device. On January 10th, Cisco confirmed an undocumented backdoor in several of their small business routers which "could allow an unauthenticated, remote attacker to gain root-level access to an affected device." An attacker exploiting this vulnerability through the LAN interface could access user credentials for the administrator account of the device and the device.
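
Since the advisory ties the issue to a TCP service listening on port 32764, one practical check is whether the devices you administer accept connections on that port from the LAN side. The following is an added example, not code from Cisco or from this post; the inventory names and addresses are constructed placeholders, and the helper names are hypothetical.

```python
import socket

TEST_INTERFACE_PORT = 32764  # TCP port named in the advisory text above


def probe(host, port=TEST_INTERFACE_PORT, timeout=2.0):
    """Classify one TCP port as 'open', 'closed' or 'no-response'.

    Only a TCP handshake is attempted; no data is sent to the service.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, OSError):
        # Timeout, unreachable host, or a filter silently dropping the SYN.
        return "no-response"


def audit(inventory, port=TEST_INTERFACE_PORT, timeout=2.0):
    """Return {name: (address, state)} for each device you administer."""
    return {name: (addr, probe(addr, port, timeout))
            for name, addr in inventory.items()}


def needs_action(results):
    """Names of devices where the port accepted a connection."""
    return sorted(n for n, (_, state) in results.items() if state == "open")


if __name__ == "__main__":
    # Constructed inventory: replace with the LAN addresses of your own devices.
    inventory = {"office-router": "192.168.1.1", "lab-ap": "192.168.1.2"}
    results = audit(inventory)
    for name, (addr, state) in results.items():
        print(f"{name:15} {addr:15} tcp/{TEST_INTERFACE_PORT}: {state}")
    print("follow up:", needs_action(results) or "none")
```

An "open" result only shows that something is listening on the port; confirm the model and firmware against the vendor advisory before concluding the device is affected.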