Cisco routers vulnerable to critical flaw with no patches, exploits in the wild

Cisco users are exposed to a critical vulnerability that could allow attackers to gain root access to the equipment. The exploit is already in the wild and, according to Cisco, no software update has been released so far.

A vulnerability in the Cisco WAP4410N Wireless-N Access Point, Cisco WRVS4400N Wireless-N Gigabit Security Router, and the Cisco RVS4000 4-port Gigabit Security Router could allow an unauthenticated, remote attacker to gain root-level access to an affected device.

Cisco has ranked the vulnerabilities at 10.0 on the Common Vulnerability Scoring System (CVSS) – the highest possible score, which indicates a critical flaw.


As per Cisco: “This vulnerability is due to an undocumented test interface in the TCP service listening on port 32764 of the affected device. An attacker could exploit this vulnerability by accessing the affected device from the LAN-side interface and issuing arbitrary commands in the underlying operating system. An exploit could allow the attacker to access user credentials for the administrator account of the device, and read the device configuration. The exploit can also allow the attacker to issue arbitrary commands on the device with escalated privileges.”

According to the report, Cisco will release free software updates that address these vulnerabilities.
