Cisco Plans for Admin Backdoor Fix in Routers

Cisco Systems (CSCO) plans to fix an administration backdoor issue discovered in late December by security research Eloi Vanderbeken.

The backdoor problem was discovered on a Linksys WAG200G router, but Cisco later noted the vulernability also exists on the WAP4410N wireless-N access point, the WRVS4400N wireless-N Gigabit security router and the RVS4000 4-port Gigabit security router.

Cisco released a security advisory about the issue, which "could allow an unauthenticated, remote attacker to gain root-level access to an affected device." The problem stems from Vanderbeken's discovery that the Linksys router had service listening on the 32764 TCP port. Using the backdoor, remote users could send commands to reset the administrative password on the device.

Cisco plans to release a free firmware upgrade for the affected devices later this month. It should be noted that Cisco no longer owns the Linksys brand. The company sold Linksys to networking vendor Belkin when it decided to fully exit the consumer products market. Belkin will have to deal with that problem.

This doesn't look to be a security vulnerability only found in a handful of Cisco and Linksys products, though. Netgear was also noted to have the same backdoor.

"This vulnerability can be triggered from the LAN interfaces of the Cisco WRVS4400N Wireless-N Gigabit Security Router and the Cisco RVS4000 4-port Gigabit Security Router from the wireless LAN (WLAN) and the LAN interfaces of the Cisco WAP4410N Wireless-N Access Point. This vulnerability is due to an undocumented test interface in the TCP service listening on port 32764 of the affected device. An attacker could exploit this vulnerability by accessing the affected device from the LAN-side interface and issuing arbitrary commands in the underlying operating system," Cisco wrote in the security advisory.

According to Cisco, attackers could use the vulnerability to access user credentials for the administrator account on the device, as well as read the device's configuration. It could also be used to allow attackers to issue arbitrary commands with escalated privileges.

Cisco and other networking vendors recently had another backdoor scare when German magazine Der Spiegel published an article detailing how the National Security Agency (NSA) had possibly created backdoors into networking products. That's still under investigation by networking vendors.