Remote unauthenticated control over a vulnerable ISP's gear
Cisco is advising ISPs and other service providers using its Prime Home system to install a security update immediately – to squash a serious remote execution bug. Switchzilla says the flaw, which was given a 10.0 CVSS score, could allow an attacker to log into the software as an administrator and remotely take control of thousands upon thousands of customers' home routers, broadband gateways and similar boxes. "An attacker could exploit this vulnerability by sending API commands via HTTP to a...