Cisco
These guys build firewalls too?
Suggests they are either grossly incompetent, or paid by the Spooks to backdoor them
Cisco is advising ISPs and other service providers using its Prime Home system to install a security update immediately – to squash a serious remote execution bug. Switchzilla says the flaw, which was given a 10.0 CVSS score, could allow an attacker to log into the software as an administrator and remotely take control of …
This is the era of "just barely good enough" quality. High quality left the building with massive layoffs of senior coders replaced by cheap 3rd world hacks. Quite a few of those 3rd world hacks cheated their way to a degree with purchased test answers. Software's on the same level as making cheap kids' toys now.
"An attacker could exploit this vulnerability by sending API commands via HTTP to a particular URL without prior authentication"
Yet another hole in the web interface. Why didn't Cisco pick this up at the code review and vulnerability stage? They did test it for such vulnerabilities at the design stage .. agile, devOps waterfall etc ..
"agile, devOps waterfall etc .."
Also known as quick & dirty and cheap. This is why security holes and software bugs get missed.
If software development were done properly, and time was put into coding standards, code reviews, bounds checking, vulnerability assessments & testing then these holes would not be included.
But since that takes time and costs money, then they are not done, putting the risk onto the customer with no obligation on the vendor to be responsible for their bugs and holes.