Cisco 7xx Series Routers Clickstart HTTP Server Remote Configuration Modification
Remote / Network Access
Loss of Integrity
By default, Cisco 7xx series routers install an HTTP server. The HTTP server has no password, a fact that is publicly known and documented. This allows attackers to trivially access the router remotely and modify configurations without authentication.
Upgrade to version 4.3(1) or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: enter the 'set clickstart off' command into the configuration.
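An added example, not part of the original advisory: an inventory check that applies the two remediations above to a list of routers. The inventory layout, host names and sample versions are constructed, and treating 4.3(1) or later as fixed follows the report cited in the advisory.

```python
import re

FIXED = (4, 3, 1)                   # 4.3(1), the fixed release named in the advisory
WORKAROUND = "set clickstart off"   # workaround command named in the advisory

_VERSION = re.compile(r"^\s*(\d+)\.(\d+)\((\d+)\)\s*$")

def parse_version(text):
    """Turn 'major.minor(maintenance)' such as '4.3(1)' into a comparable tuple."""
    m = _VERSION.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())

def has_workaround(config_text):
    """True if a line of the saved configuration is the workaround command.
    Assumption: matching ignores letter case and repeated spaces."""
    return any(" ".join(line.lower().split()) == WORKAROUND
               for line in config_text.splitlines())

def assess(version, config_text):
    """Classify one router as 'fixed', 'mitigated', 'exposed' or 'unknown'."""
    try:
        if parse_version(version) >= FIXED:
            return "fixed"
    except ValueError:
        # Version could not be read: only the workaround can be confirmed.
        return "mitigated" if has_workaround(config_text) else "unknown"
    return "mitigated" if has_workaround(config_text) else "exposed"

# Constructed inventory: (name, software version, saved configuration text).
INVENTORY = [
    ("branch-a", "4.3(1)", ""),
    ("branch-b", "4.2(3)", "SET  clickstart OFF\n"),
    ("branch-c", "4.2(3)", ""),
    ("branch-d", "4.10(2)", ""),   # compared numerically, so 4.10 is newer than 4.3
    ("branch-e", "unknown", ""),
]

def audit(inventory):
    """Map each router name to its assessed status."""
    return {name: assess(ver, cfg) for name, ver, cfg in inventory}

if __name__ == "__main__":
    for name, status in audit(INVENTORY).items():
        print(f"{name}: {status}")
```

Routers reported as 'exposed' or 'unknown' are the ones to upgrade or to apply the workaround to first.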