
====================================================================

                              CERT-Renater

                 Information Note No. 2017/VULN135
_____________________________________________________________________

DATE                : 04/05/2017

HARDWARE PLATFORM(S): Cisco CVR100W Wireless-N VPN Router.

OPERATING SYSTEM(S): Cisco CVR100W Wireless-N VPN Router firmware.

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cvr100w1
____________________________________________________________________

Cisco Security Advisory: Cisco CVR100W Wireless-N VPN Router Universal
Plug-and-Play Buffer Overflow Vulnerability

Advisory ID: cisco-sa-20170503-cvr100w1

Revision: 1.0

For Public Release: 2017 May 3 16:00 GMT

Last Updated: 2017 May 3 16:00 GMT

CVE ID(s): CVE-2017-3882

CVSS Score v(3): 9.6 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

+---------------------------------------------------------------------

Summary
=======
A vulnerability in the Universal Plug-and-Play (UPnP) implementation in
the Cisco CVR100W Wireless-N VPN Router could allow an unauthenticated,
Layer 2–adjacent attacker to execute arbitrary code or cause a denial
of service (DoS) condition. The remote code execution could occur with
root privileges.

The vulnerability is due to incomplete range checks of the UPnP input
data, which could result in a buffer overflow. An attacker could
exploit this vulnerability by sending a malicious request to the UPnP
listening port of the targeted device. An exploit could allow the
attacker to cause the device to reload or potentially execute arbitrary
code with root privileges.
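
The root cause named above, an incomplete range check on request data, is shown here as an added example; it is not code from the advisory or from the CVR100W firmware. The field layout, the FIELD_MAX size, all function names and the SSDP-style sample request are assumptions constructed for illustration.

```c
/* Added illustration; constructed names and sizes, not Cisco firmware code. */
#include <stddef.h>
#include <string.h>

#define FIELD_MAX 64            /* constructed destination buffer size */

/* Incomplete range check: only an upper bound, tested on a signed value.
 * A negative len passes and would turn into a huge size_t in memcpy();
 * len == FIELD_MAX also passes and leaves no room for the terminator. */
int range_ok_incomplete(long len)
{
    return len <= FIELD_MAX;
}

/* Complete range check: both bounds on len (one byte kept for the NUL),
 * and the source span [off, off + len) must lie inside the request. */
int range_ok_complete(long off, long len, size_t req_len)
{
    if (len < 0 || len >= FIELD_MAX)
        return 0;
    if (off < 0 || (size_t)off > req_len)
        return 0;
    return (size_t)len <= req_len - (size_t)off;
}

/* Hardened copy of one field out of a received request.
 * Returns 0 on success, -1 when the request is rejected. */
int copy_field(char dst[FIELD_MAX], const char *req, size_t req_len,
               long off, long len)
{
    if (!range_ok_complete(off, len, req_len))
        return -1;
    memcpy(dst, req + off, (size_t)len);
    dst[len] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample input: an SSDP-style search request. */
    const char req[] = "M-SEARCH * HTTP/1.1\r\nST: upnp:rootdevice\r\n\r\n";
    char st[FIELD_MAX];
    /* The field at offset 25, length 15 is "upnp:rootdevice". */
    return copy_field(st, req, sizeof req - 1, 25, 15);
}
```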

Cisco has released software updates that address this vulnerability.
There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-cvr100w1

==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================





