CERT Coordination Center

Cisco Router Web Setup (CRWS) contains an insecure default IOS configuration

Vulnerability Note VU#205225

Original Release Date: 2006-07-14 | Last Revised: 2006-07-14

Overview

A vulnerability in the Cisco Router Web Setup (CRWS) web configuration tool on some Cisco 800 and SOHO series routers may allow remote execution of system-level commands with no authentication.

Description

Cisco Router Web Setup Tool

The Cisco Router Web Setup tool, or CRWS, provides a GUI for an administrator configuring a Cisco 800 or SOHO series router. The Cisco IOS HTTP server provides the user interface and is enabled by default on these routers. CRWS may be enabled by default on the public interface and may therefore be accessible via the Internet.

enable password / enable secret
These IOS commands set the administrator passwords on Cisco 800 and SOHO series routers.

The Problem
The configuration shipped with the CRWS application does not include an enable password or enable secret command. This default configuration may allow execution of commands through the web interface at privilege level 15 (the highest level available) without requiring any authentication credentials.

The following products are affected by this vulnerability:
Cisco 806, Cisco 826, Cisco 827, Cisco 827H, Cisco 827-4v, Cisco 828, Cisco 831, Cisco 836, Cisco 837, Cisco SOHO 71, Cisco SOHO 76, Cisco SOHO 77, Cisco SOHO 77H, Cisco SOHO 78, Cisco SOHO 91, Cisco SOHO 96, Cisco SOHO 97.

Impact

A remote, unauthenticated attacker may be able to run commands at privilege level 15 through the web interface.

Solution

Upgrade
Cisco has provided an upgrade to address this vulnerability. See Cisco Security Advisory cisco-sa-20060712-crws for more information.


Workarounds
Cisco has provided three workarounds for this vulnerability:

1. Disable the Cisco IOS HTTP server.
2. Configure a password manually.
3. Enable authentication of requests to the HTTP Server by using a different authentication system.

Details on applying these workarounds can be found in the workarounds section of cisco-sa-20060712.
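
To check a saved configuration against the three workarounds above, the following added example (not code from CERT/CC or Cisco) classifies a running-config text. It assumes the HTTP server is on unless `no ip http server` is present, and that the default HTTP authentication method is the enable password; the sample configurations and the function name are constructed for illustration.

```python
import re

# Constructed sample configurations (not taken from the advisory).
DEFAULT_CFG = """\
hostname soho-gw
!
interface Ethernet0
 ip address 10.10.10.1 255.255.255.0
ip http server
"""
HTTP_OFF_CFG = DEFAULT_CFG.replace("ip http server", "no ip http server")
PASSWORD_CFG = "enable secret 5 <hash-placeholder>\n" + DEFAULT_CFG
ALT_AUTH_CFG = DEFAULT_CFG + "ip http authentication local\n"


def classify_crws_config(config: str) -> str:
    """Return which workaround (if any) protects the IOS HTTP server.

    "http-disabled" -> workaround 1 (HTTP server turned off)
    "alt-auth"      -> workaround 3 (different authentication system)
    "password-set"  -> workaround 2 (enable password/secret configured)
    "exposed"       -> none applied: level 15 access without credentials
    """
    # Normalise: drop indentation, blank lines and IOS "!" comment lines.
    lines = [ln.strip() for ln in config.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith("!")]

    # The advisory states the HTTP server is enabled by default on these
    # routers, so only an explicit "no ip http server" counts as disabled.
    if "no ip http server" in lines:
        return "http-disabled"

    # Assumption: with no "ip http authentication" line, the method is "enable".
    method = next((m.group(1) for ln in lines
                   if (m := re.match(r"ip http authentication\s+(\S+)", ln))),
                  "enable")
    if method != "enable":
        return "alt-auth"

    # "no enable secret" does not match because the line must start with "enable".
    if any(re.match(r"enable (secret|password)\s+\S", ln) for ln in lines):
        return "password-set"
    return "exposed"


if __name__ == "__main__":
    for name in ("DEFAULT_CFG", "HTTP_OFF_CFG", "PASSWORD_CFG", "ALT_AUTH_CFG"):
        print(name, "->", classify_crws_config(globals()[name]))
```

A result of `alt-auth` only confirms that another method is selected; the accounts or AAA servers behind it still need to be reviewed separately.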

Vendor Information

Cisco Systems, Inc. Affected

Updated:  July 14, 2006

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

Please see Cisco Security Advisory cisco-sa-20060712-crws.

If you have feedback, comments, or additional information about this vulnerability, please send us email.


Acknowledgements

This vulnerability was reported by Cisco Systems Product Security Incident Response Team.

This document was written by Ryan Giobbi.

Other Information

CVE IDs: None
Severity Metric: 46.50
Date Public: 2006-07-12
Date First Published: 2006-07-14
Date Last Updated: 2006-07-14 16:34 UTC
Document Revision: 24

Sponsored by CISA.