Cisco Systems has fixed a critical vulnerability that could allow hackers to take over servers used by telecommunications providers. The vulnerability affects Cisco Prime Home, an automated configuration server that communicates with subscriber devices using the TR-069 protocol. Attackers could exploit the vulnerability by sending API commands over HTTP to a particular URL without requiring authentication. The flaw is caused by a processing error in the role-based access control of URLs, Cisco said. Customers are advised to migrate to the latest, fixed version: 6.5.0.1.”]