Cisco has issued a security advisory with a CVSS (Common Vulnerability Scoring System) of 10 – really serious – affecting these devices:
- Cisco RVS4000 4-port Gigabit Security Router running firmware version 2.0.3.2 and prior
- Cisco WRVS4400N Wireless-N Gigabit Security Router hardware version 1.0 and 1.1 running firmware version 1.1.13 and prior
- Cisco WRVS4400N Wireless-N Gigabit Security Router hardware version 2.0 running firmware version 2.0.2.1 and prior
- Cisco WAP4410N Wireless-N Access Point running firmware version 2.0.6.1 and prior
The issue is caused by an undocumented test interface on port 32764 allowing remote users to have root access on the devices. Affected devices were those sold into the SMB market with an original disclosure notice being posted on GitHub. There has been an increase in scans on port 32764 over the internet, an expert from SAANS Technology Institute reports that on January 2nd there were at least 15,068 scans.