Sign in / up

back to article Own a Cisco modem or wireless gateway? It might be owned by someone else, too

A number of Cisco home network gateways have a security bug that allows attackers to hijack the devices remotely. A firmware update to close the hole is being rolled out to ISPs to deploy. The networking giant said that certain Wireless Home Gateway products are vulnerable to a remote-code execution attack, which is triggered …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. I. Aproveofitspendingonspecificprojects

    Everyone's a criminal these days.

    The problem with tyranical governments is that when you treat every one as a criminal, the population is by default going to cross the line. I can see the anarchists spoken about on here:

    http://www.wired.com/2014/07/inside-dark-wallet/?mbid=nl_wired_07216014

    taking over the world.

    The problem is not how bad code is and why monopolies take so long to put their products right; it is that those taking advantage of the problems are not just crooks, they are secret policemen. And if there is no law against them, the only alternative is to be an outlaw. I won't be around when the generation of people being spied on from the cradle will grow up learning to deal with it.

    We know what happened in Russia when everybody was a spy: Once the government changes, gangsterism becomes rife. Honest citizens just don't know what to do to get away with a little criminality. They have consciences. Take that away and hell comes to dinner.

    Hopefully I will be wrong about this but stupid has a way of mastering everything it touches.

    6 2 Reply
    1. Matt Bryant Silver badge
      Reply Icon
      WTF?

      Re: I.Approvetheremovalofcommonsense Re: Everyone's a criminal these days.

      Wow, a story about a security hole in CISCO routers, and you post a diatribe about The Man?!?! Seriously, how did you make that leap? Do you think The Man is hiding in your modem?

      As for your link to the Wired story, again, what has that to do with the article? Two rather sad dropouts that 'want to change the World', one already a laughingstock for the tragic 'Liberator' printed gun? You really think cretins like that are going to 'take over'? Their 'Silk Road 3.0' will be taken down by the authorities in just as short order as it's predecessors. Peer-to-peer will make zero difference as the authorities will merely shift from looking for the centralised server to blocking the service at the ISPs. All those morons are doing is accelerating us towards a completely regulated Internet.

      0 1 Reply
  2. oldtaku Silver badge
    Unhappy

    Thanks, NSA!

    Of course they knew about this but said nothing so they could exploit it themselves.

    3 2 Reply
  3. Anonymous Coward
    Anonymous Coward

    Cisco in gaping hole shocker....

    ...Next Flash and Java have holes....oh hold on, heres another flash update.

    2 0 Reply
  4. John Smith 19 Gold badge
    Black Helicopters

    Failure

    Or feature.

    Depending on who installed it and on whose orders (if any).

    3 2 Reply
  5. Matt Bryant Silver badge
    Facepalm

    "There are currently no known workarounds available for this vulnerability."

    I'd suggest, if you can't wait for the patch, the workaround would be to buy a non-CISCO router. Oh, did CISCO not want that workaround mentioned?

    2 1 Reply
  6. Grease Monkey Silver badge

    "Own a Cisco modem or wireless gateway? It might be owned by someone else, too

    Remote code exec in HTTP server hands kit to bad guys"

    or how about "Own a Cisco modem or wireless gateway with HTTP server enabled? What sort of moron are you?"

    Fixed it for you.

    1 2 Reply
    1. diodesign (Written by Reg staff) Silver badge
      Reply Icon

      The HTTP remote management is on by default. And there is no workaround.

      C.

      1 0 Reply
  7. JaitcH
    FAIL

    CISCO ... the 'gold' ...

    standard adopted by the USA, Australia and New Zealand and possibly Blihgjty.

    The Chinese and Russians thank you.

    P.S. Who uses 'wireless' for secure applications?

    1 0 Reply
  8. g00se
    WTF?

    Local management

    "The protocol HTTP is required for remote management .."

    And local management is commonly done how exactly? Telnet?

    1 0 Reply
    1. Anonymous Coward
      Reply Icon
      Anonymous Coward

      Re: Local management

      Probably if these things are like their switches - I often find telnet enabled and cisco as the enable password. Even more hilarious are the number of Cisco switches I find with the default web user/password.

      Cheers

      Jon

      1 0 Reply
  9. Dahhah6o

    Has no one read the DOCSIS specifications?

    These are DOCSIS devices. DOCSIS was designed from the beginning for the CPE device to be managed by the provider, and *unmanageable* by the customer. This applies to all DOCSIS devices, not just Cisco. Firmware upgrades are initiated by the provider when the device is booted. So there is nothing a customer can do but wait for the provider to push out the updated firmware.

    0 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like