PT-2017-16154 · Cisco · Cvr100W Wireless-N Vpn Router
Published: 2017-05-16 · Updated: 2017-07-11 · CVE-2017-3882
CVSS v3.1: 9.6 (Critical)
Vector: AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Cisco CVR100W Wireless-N VPN Router versions prior to 1.0.1.22
Description
A vulnerability in the Universal Plug-and-Play (UPnP) implementation could allow an unauthenticated attacker to execute arbitrary code or cause a denial of service condition. The vulnerability is due to incomplete range checks of the UPnP input data, which could result in a buffer overflow. An attacker could exploit this by sending a malicious request to the UPnP listening port, potentially allowing the attacker to cause the device to reload or execute arbitrary code with root privileges.
Recommendations
For versions prior to 1.0.1.22, update to Firmware Release 1.0.1.22 or later to resolve the issue. As a temporary workaround, consider restricting access to the UPnP listening port to minimize the risk of exploitation.
Fix
Buffer Overflow
Affected Products
Cvr100W Wireless-N Vpn Router