Gustavo Javier Speranza of CHFI had discovered a vulnerability which exists in CISCO routers model No. RV110W, RV215W, and CVR100W.
The vulnerability which Gustavo has discovered, lets a would be attacker/hacker bypass the login page of the router just manipulating the POST data in the administration page (ex: 192.168.1.1) and gain access to the users network with full admin rights. The bug effects the following CISCO Routers only
1. Cisco RV110W Wireless-N VPN Firewall running firmware versions 1.2.0.9 and prior
2. Cisco RV215W Wireless-N VPN Router running firmware versions 1.1.0.5 and prior
3. Cisco CVR100W Wireless-N VPN Router running firmware versions 1.0.1.19 and prior
Gustavo has reported the vulnerability to CISCO and they have come out with a firmware update to patch the same. The CISCO Security advisory centre says,
A vulnerability in the web management interface of the Cisco RV110W Wireless-N VPN Firewall, the Cisco RV215W Wireless-N VPN Router, and the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain administrative-level access to the web management interface of the affected device.
The vulnerability is due to improper handling of authentication requests by the web framework. An attacker could exploit this vulnerability by intercepting, modifying and resubmitting an authentication request. Successful exploitation of this vulnerability would give an attacker administrative-level access to the web-based administration interface on the affected device.
This vulnerability is documented in Cisco bug ID CSCul94527 (registered customers only), CSCum86264 (registered customers only) and CSCum86275 (registered customers only) and has been assigned the Common Vulnerabilities and Exposures CVE-2014-0683.
To patch the above routers, CISCO has released following firmware updates.
Cisco CVR100W Wireless-N VPN Router firmware version 1.0.1.21:
https://software.cisco.com/download/release.html?mdfid=284758089&flowid=43303&softwareid=282487380&release=1.0.1.21&relind=AVAILABLE&rellifecycle=&reltype=latest
Cisco RV110W Wireless-N VPN Firewall firmware version 1.2.0.10:
https://software.cisco.com/download/release.html?mdfid=283879340&softwareid=282487380&release=1.2.0.10&relind=AVAILABLE&rellifecycle=&reltype=latest
Cisco RV215W Wireless-N VPN Router firmware version 1.1.0.6:
https://software.cisco.com/download/release.html?mdfid=284436489&softwareid=282487380&release=1.1.0.6&relind=AVAILABLE&rellifecycle=&reltype=latest&i=rm
https://software.cisco.com/download/release.html?mdfid=284758089&flowid=43303&softwareid=282487380&release=1.0.1.21&relind=AVAILABLE&rellifecycle=&reltype=latest
Cisco RV110W Wireless-N VPN Firewall firmware version 1.2.0.10:
https://software.cisco.com/download/release.html?mdfid=283879340&softwareid=282487380&release=1.2.0.10&relind=AVAILABLE&rellifecycle=&reltype=latest
Cisco RV215W Wireless-N VPN Router firmware version 1.1.0.6:
https://software.cisco.com/download/release.html?mdfid=284436489&softwareid=282487380&release=1.1.0.6&relind=AVAILABLE&rellifecycle=&reltype=latest&i=rm
Gustavo has posted a complete detailed analysis of how he managed to detect the vulnerablity. You can read the same in the PDF document embeded below
Resource : CXSecurity
