Arbitrary code execution in Cisco CVR100W Wireless-N VPN Router
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2017-3882 |
| CWE-ID | CWE-119 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
CVR100W Wireless-N VPN Router Hardware solutions / Routers & switches, VoIP, GSM, etc |
| Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Buffer overflow
EUVDB-ID: #VU6425
Risk: Medium
CVSSv3.1: 8.3 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-3882
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows an unauthenticated, Layer 2–adjacent attacker to cause DoS condition or execute arbitrary code on the target system.
The weakness exists due to buffer overflow caused by incomplete range checks of the UPnP input data. An attacker can send a malicious request to the UPnP listening port, trigger memory corruption, cause the device to reload or potentially execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in denial of service or arbitrary code execution.
Update to version 1.0.1.22.
Vulnerable software versionsCVR100W Wireless-N VPN Router: 1.0.1.21
CPE2.3 External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cvr100w1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
