A critical vulnerability involving the existence of default credentials in two Cisco access points, Aironet 1830 Series and Cisco Aironet 1850 Series, could allow an unauthenticated attacker to remotely seize control of affected devices.
Leveraging layer 3 connectivity – knowing the device’s IP address – an attacker could rely on a secure shell to remotely access the devices by exploiting the Cisco Mobility Express Software vulnerability found on the two devices. This would allow complete control over the devices and the attacker could perform any activity that an administrator would.
“This vulnerability affects Cisco Aironet 1830 Series and Cisco Aironet 1850 Series Access Points that are running an 8.2.x release of Cisco Mobility Express Software prior to Release 184.108.40.206, regardless of whether the device is configured as a master, subordinate, or standalone access point,” reads the advisory.
A second vulnerability, this time affecting the web management interface of Cisco Wireless LAN Controller (WLC) Software, could enable an attacker to access a hidden URL to the web interface and cause the device to reboot. With the vulnerability rated as “high”, this attack could result in a denial of service condition that could render the device inoperable.
“The vulnerability is due to a missing internal handler for the specific request,” reads the Cisco advisory. “An attacker could exploit this vulnerability by accessing a specific hidden URL on the web management interface.”
Fixes for the two vulnerabilities have already been issued, and those affected are encouraged to apply them as soon as possible. While it’s unclear if and such exploits have been successful in-the-wild, companies that own the affected hardware models need to take precautions.