Cisco Vows to Fix Backdoor
Discovered by a security researcher named Eloi Vanderbeken, some Cisco routers currently contain a backdoor system that is able to be exploited by attackers. Cisco is promising to release a firmware patch shortly that will remedy the issue, even though Belkin is now responsible for Linksys routers. The vulnerability allows attackers to gain administrative access without any form of authenticating, by simply resetting the administrative password. The devices that contain the issue contain a service that listens on port 32764 TCP. Cisco identified its RVS4000, WRVS4400N, and WAP4410N router models that contain the vulnerability. While the first two are only able to be compromised by using a testing interface on the LAN that the devices are connected to, the WAP4410N can be exploited wirelessly as well.
Cisco has notified users that besides the firmware patch that it plans to release shortly, there is no known workaround for the vulnerability.