PT-2017-17191 · Cisco · CVR100W Wireless-N VPN Router

Published: 2017-05-03 · Updated: 2019-10-03 · CVE-2017-6620

CVSS v3.1: 5.8 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Cisco CVR100W Wireless-N VPN Router versions prior to 1.0.1.24

Description

A vulnerability in the remote management access control list (ACL) feature could allow an unauthenticated, remote attacker to bypass the remote management ACL. This is due to incorrect implementation of the ACL decision made during the ingress connection request to the remote management interface. An attacker could exploit this by sending a connection to the management IP address or domain name of the targeted device, potentially allowing them to bypass the configured remote management ACL. This issue can occur even when the Remote Management configuration parameter is set to Disabled.

Recommendations

For Cisco CVR100W Wireless-N VPN Router versions prior to 1.0.1.24, update the firmware to version 1.0.1.24 or later to resolve the issue. As a temporary workaround, consider restricting access to the remote management interface until the update can be applied.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2017-6620

Affected Products

CVR100W Wireless-N VPN Router