According to a blog post from Cisco, a titan of personal and professional networking hardware, several routers and switches designed for small businesses are vulnerable to a backdoor technique that was first discovered in D-Link routers nearly a month ago.
By exploiting the LAN interface in the options menu, an attacker can fake credentials and gain access to the internal settings of the router without supplying any valid identification or password. Unearthed by Eloi Vanderbeken on GitHub, the crack supposedly only affects a small subset of switches made for Cisco's Small Business line of products.
The models in question are:
- Cisco RVS4000 4-port Gigabit Security Router running firmware version 188.8.131.52 or below
- Cisco WAP4410N Wireless-N Access Point running firmware version 184.108.40.206 or below
- Cisco WRVS4400N Wireless-N Gigabit Security Router hardware version 1.0 and 1.1 running firmware version 1.1.13 or below
- Cisco WRVS4400N Wireless-N Gigabit Security Router hardware version 2.0 running firmware version 220.127.116.11 or below
Cisco expects to have patched updates ready for the devices by the end of January, but until then you can use any of our simple tutorials to install a custom firmware like DD-WRT or Tomato to protect yourself and your small business network.