Networking-hardware giant Cisco on Wednesday (Mar. 9) disclosed security vulnerabilities in a number of its wireless gateways and cable modems, which would expose users to remote attacks. Fortunately, as Cisco has already released patches to fix these devices, which are typically rented out by Internet service providers (ISPs) to small-business and residential customers.
Unless they are patched, the DPC2203 and EPC2203 cable modems risk attacks from hackers who exploit coding errors to create buffer overflows, which allow a device's running memory to be overwhelmed and malicious code to be injected. Such attacks could occur when a user visited a malicious or compromised website, or even merely viewed a malicious online ad.
Cisco's DPC3941 and DPC3939B wireless gateways -- combination modems and routers -- are vulnerable to attacks through their Web-based administration software. Gateways hit by targeted Web requests could cough up login credentials and information about the traffic sent through the device -- i.e., your network passwords and all your recent emails, Facebook posts, video streams and late-night naughty images.
The Cisco DPQ3925 wireless gateway is also vulnerable to malicious Web requests, but in a less serious way. Instead of capturing personal information or login credentials, hackers would only be able to stop the devices from working with a denial-of-service attack.
Owners of these devices need to contact their ISPs to ensure the patches are delivered, as Cisco has not released the patches for individual download. Modems and gateways leased by ISPs are often targets for attackers, as their owners are unlikely to think twice about patching the firmware.