Lucene search

MitreCVE-2013-7043

HistoryDec 10, 2013 - 7:55 p.m.

CVE-2013-7043

2013-12-1019:55:07

CWE-352

mitre

web.nvd.nist.gov

cisco

scientific atlanta

dpr2320r2

routers

csrf

vulnerabilities

remote attackers

authentication

administrators

CVSS2

8.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:P/I:P/A:C

AI Score

7.6

Confidence

Low

EPSS

0.002

Percentile

59.6%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Scientific Atlanta DPR2320R2 routers with software 2.0.2r1262-090417 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via the Password parameter to goform/RgSecurity; (2) reboot the device via the Restart parameter to goform/restart; (3) modify Wi-Fi settings, as demonstrated by the WpaPreSharedKey parameter to goform/wlanSecurity; or (4) modify parental controls via the ParentalPassword parameter to goform/RgParentalBasic.

Affected configurations

Nvd

Node

ciscoscientific_atlanta__dpr\/epr2320_firmwareMatch2.0.2r1262-090417

AND

ciscoscientific_atlanta__dpr\/epr2320Match-

Node

ciscoscientific_atlanta__dpr2325_firmwareMatch2.0.2r1262-090417

AND

ciscoscientific_atlanta__dpr2325Match-

VendorProductVersionCPE
ciscoscientific_atlanta__dpr\/epr2320_firmware2.0.2cpe:2.3:o:cisco:scientific_atlanta__dpr\/epr2320_firmware:2.0.2:r1262-090417:*:*:*:*:*:*
ciscoscientific_atlanta__dpr\/epr2320-cpe:2.3:h:cisco:scientific_atlanta__dpr\/epr2320:-:*:*:*:*:*:*:*
ciscoscientific_atlanta__dpr2325_firmware2.0.2cpe:2.3:o:cisco:scientific_atlanta__dpr2325_firmware:2.0.2:r1262-090417:*:*:*:*:*:*
ciscoscientific_atlanta__dpr2325-cpe:2.3:h:cisco:scientific_atlanta__dpr2325:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	scientific_atlanta__dpr\/epr2320_firmware	2.0.2	cpe:2.3:o:cisco:scientific_atlanta__dpr\/epr2320_firmware:2.0.2:r1262-090417::::::
cisco	scientific_atlanta__dpr\/epr2320	-	cpe:2.3:h:cisco:scientific_atlanta__dpr\/epr2320:-:::::::*
cisco	scientific_atlanta__dpr2325_firmware	2.0.2	cpe:2.3:o:cisco:scientific_atlanta__dpr2325_firmware:2.0.2:r1262-090417::::::
cisco	scientific_atlanta__dpr2325	-	cpe:2.3:h:cisco:scientific_atlanta__dpr2325:-:::::::*

References

www.exploit-db.com/exploits/29927/

exchange.xforce.ibmcloud.com/vulnerabilities/89654

CVSS2

8.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:P/I:P/A:C

AI Score

7.6

Confidence

Low

EPSS

0.002

Percentile

59.6%

JSON

Related for CVE-2013-7043