This notice addresses two unrelated security vulnerabilities in the
software used on the Cisco 7xx series of small-office and home-office routers.
These vulnerabilities affect only the 7xx series routers (not the 7xxx series);
no other Cisco product is affected.
The first vulnerability, which has been assigned Cisco bug ID
CSCdm03231, can be used to cause system reloads, and therefore denial of
service, using TCP connections to the routers' TELNET ports.
The second vulnerability has not been assigned a bug ID. 7xx routers
running software versions 3.2(5) through 4.2(3) support a simple HTTP server.
This HTTP server is enabled by default. Unless the server is explicitly
disabled, it can be used to make changes to the router configuration, and/or to
gain information about that configuration. This is intentional behavior, but is
mentioned in this notice because it appears that customers have been caught
unawares by it.
There are configuration workarounds for both of these vulnerabilities.
This advisory is posted at