Cisco, normally one of the more standup providers of home wireless routers and networking tech, doesn’t often find themselves in the same position that higher profile targets such as Netgear and Linksys do.
This time around the Santa Clara hardware manufacturer believes their Aironet series wireless access points were hit the hardest with a standard garden variety of exploits including DDOS attacks, trojan horses, and blind backdoors.
“An attacker could exploit this vulnerability by attempting to authenticate to an affected device using locally-stored credentials of the AP. A successful attack could allow an attacker to take complete control of the affected AP and make arbitrary changes to the configuration,” Cisco said in its accompanying security bulletin.
The Aironet 1260, 2600, 3500, and 3600 models were named as the most vulnerable in the report, however the list goes on to include larger enterprise equipment and even switches that hadn’t been updated by the company in almost five years.
Cisco says it was the lack of users changing the default usernames/passwords on their devices that allowed the bug to spread so quickly, and suggests that you always customize these options on any routers bought for personal or professional use.
“In many deployment scenarios, the locally-stored default AP username and password has not been changed from the factory default. In these zero-touch scenarios, the devices are designed to connect automatically to a WLC and download firmware and configurations.”
Also patched were several issues found in WebAuth, as well as an IGMP exploit that went untreated for months after first being discovered late last year.