search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Cisco Router Web Setup (CRWS) contains an insecure default IOS configuration

Vulnerability Note VU#205225

Original Release Date: 2006-07-14 | Last Revised: 2006-07-14


A vulnerability in the Cisco Router Web Setup (CRWS) web configuration tool on some Cisco 800 and SOHO series routers may allow remote execution of system-level commands with no authentication.


Cisco Router Web Setup Tool

The Cisco Router Web Setup tool, or CRWS, provides a GUI for an administrator configuring a Cisco 800 or SOHO series router. The Cisco IOS HTTP server provides the user interface, and is enabled by default on these routers. The CRWS may be enabled by default on the public interface, therefore may be accessible via the Internet.

enable password / enable secret
These IOS commands set the administrator passwords on Cisco 800 and SOHO series routers.

The Problem
The configuration shipped with the CRWS application does not include an enable password or enable secret command. This default configuration may allow execution of commands through the web interface at privilege level 15 (the highest level available) without requiring any authentication credentials.

The following products are affected by this vulnerability:
Cisco 806, Cisco 826, Cisco 827, Cisco 827H, Cisco 827-4v, Cisco 828, Cisco 831, Cisco 836, Cisco 837, Cisco SOHO 71, Cisco SOHO 76, Cisco SOHO 77, Cisco SOHO 77H, Cisco SOHO 78, Cisco SOHO 91, Cisco SOHO 96, Cisco SOHO 97.


A remote, unauthenticated attacker may be able to run commands at privilege level 15 through the web interface.


Cisco has provided an upgrade to address this vulnerability. See Cisco Security Advisory cisco-sa-20060712-crws for more information.

Cisco has provided three workarounds for this vulnerability:

1. Disable the Cisco IOS HTTP server.
2. Configure a password manually.
3. Enable authentication of requests to the HTTP Server by using a different authentication system.
Details on applying these workarounds can be found in the workarounds section of cisco-sa-20060712.

Vendor Information


Cisco Systems, Inc. Affected

Updated:  July 14, 2006



Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.


Please see Cisco Security Advisory cisco-sa-20060712-crws.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CVSS Metrics

Group Score Vector



This vulnerability was reported by Cisco Systems Product Security Incident Response Team.

This document was written by Ryan Giobbi.

Other Information

CVE IDs: None
Severity Metric: 46.50
Date Public: 2006-07-12
Date First Published: 2006-07-14
Date Last Updated: 2006-07-14 16:34 UTC
Document Revision: 24

Sponsored by CISA.