Search criteria
6 vulnerabilities found for epc3925 by cisco
VAR-201407-0370
Vulnerability from variot - Updated: 2025-04-13 23:35The web server on Cisco DPC3010, DPC3212, DPC3825, DPC3925, DPQ3925, EPC3010, EPC3212, EPC3825, and EPC3925 Wireless Residential Gateway products allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCup40808. The Cisco Wireless Residential Gateway is the device for the associated wireless home gateway. Attackers can exploit this issue to inject arbitrary commands and execute arbitrary code with elevated privileges. Failed exploit attempts will crash the web server, denying service to legitimate users. This issue is being tracked by Cisco bug ID CSCup40808. Cisco DPC3010, etc. The following products are affected: Cisco DPC3010, DPC3212, DPC3825, DPC3925, DPQ3925, EPC3010, EPC3212, EPC3825, EPC3925
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201407-0370",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dpc3010",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "epc3925",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "dpq3925",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "dpc3925",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "dpc3212",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "dpc3825",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "epc3010",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "epc3212",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "epc3825",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "dpc3212 voip cable modem",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "dpc3825 8x4 docsis 3.0 wireless residential gateway",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "epc3212 voip cable modem",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "epc3825 8x4 docsis 3.0 wireless residential gateway",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "model dpc3010 docsis 3.0 8x4 cable modem",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "model dpc3925 8x4 docsis 3.0 with wireless residential gateway with edva",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "model dpq3925 8x4 docsis 3.0 wireless residential gateway with edva",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "model epc3010 docsis 3.0 cable modem",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "model epc3925 8x4 docsis 3.0 with wireless residential gateway with edva",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "wireless residential gateway",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04382"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003477"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-469"
},
{
"db": "NVD",
"id": "CVE-2014-3306"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:cisco:dpc3212",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:dpc3825",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:epc3212",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:epc3825",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:dpc3010",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:dpc3925",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:dpq3925",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:epc3010",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:epc3925",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003477"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Chris Watts of Tech Analysis",
"sources": [
{
"db": "BID",
"id": "68673"
}
],
"trust": 0.3
},
"cve": "CVE-2014-3306",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-3306",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-04382",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-71246",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-3306",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-3306",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2014-04382",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201407-469",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-71246",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04382"
},
{
"db": "VULHUB",
"id": "VHN-71246"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003477"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-469"
},
{
"db": "NVD",
"id": "CVE-2014-3306"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web server on Cisco DPC3010, DPC3212, DPC3825, DPC3925, DPQ3925, EPC3010, EPC3212, EPC3825, and EPC3925 Wireless Residential Gateway products allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCup40808. The Cisco Wireless Residential Gateway is the device for the associated wireless home gateway. \nAttackers can exploit this issue to inject arbitrary commands and execute arbitrary code with elevated privileges. Failed exploit attempts will crash the web server, denying service to legitimate users. \nThis issue is being tracked by Cisco bug ID CSCup40808. Cisco DPC3010, etc. The following products are affected: Cisco DPC3010, DPC3212, DPC3825, DPC3925, DPQ3925, EPC3010, EPC3212, EPC3825, EPC3925",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3306"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003477"
},
{
"db": "CNVD",
"id": "CNVD-2014-04382"
},
{
"db": "BID",
"id": "68673"
},
{
"db": "VULHUB",
"id": "VHN-71246"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3306",
"trust": 3.4
},
{
"db": "SECTRACK",
"id": "1030598",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1030599",
"trust": 1.1
},
{
"db": "BID",
"id": "68673",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003477",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201407-469",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-04382",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-71246",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04382"
},
{
"db": "VULHUB",
"id": "VHN-71246"
},
{
"db": "BID",
"id": "68673"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003477"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-469"
},
{
"db": "NVD",
"id": "CVE-2014-3306"
}
]
},
"id": "VAR-201407-0370",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04382"
},
{
"db": "VULHUB",
"id": "VHN-71246"
}
],
"trust": 1.35384614
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04382"
}
]
},
"last_update_date": "2025-04-13T23:35:14.892000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ciscosa-20140716-cm",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ciscosa-20140716-cm"
},
{
"title": "34895",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34895"
},
{
"title": "ciscosa-20140716-cm",
"trust": 0.8,
"url": "http://www.cisco.com/cisco/web/support/JP/112/1122/1122791_ciscosa-20140716-cm-j.html"
},
{
"title": "Patch for remote code execution vulnerabilities in multiple Cisco Wireless Residential Gateway products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/47703"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04382"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003477"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71246"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003477"
},
{
"db": "NVD",
"id": "CVE-2014-3306"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/ciscosa-20140716-cm"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1030598"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1030599"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3306"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3306"
},
{
"trust": 0.6,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=34895"
},
{
"trust": 0.3,
"url": "www.cisco.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04382"
},
{
"db": "VULHUB",
"id": "VHN-71246"
},
{
"db": "BID",
"id": "68673"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003477"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-469"
},
{
"db": "NVD",
"id": "CVE-2014-3306"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-04382"
},
{
"db": "VULHUB",
"id": "VHN-71246"
},
{
"db": "BID",
"id": "68673"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003477"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-469"
},
{
"db": "NVD",
"id": "CVE-2014-3306"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04382"
},
{
"date": "2014-07-18T00:00:00",
"db": "VULHUB",
"id": "VHN-71246"
},
{
"date": "2014-07-16T00:00:00",
"db": "BID",
"id": "68673"
},
{
"date": "2014-07-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003477"
},
{
"date": "2014-07-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-469"
},
{
"date": "2014-07-18T00:55:04.830000",
"db": "NVD",
"id": "CVE-2014-3306"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04382"
},
{
"date": "2017-01-12T00:00:00",
"db": "VULHUB",
"id": "VHN-71246"
},
{
"date": "2014-07-16T00:00:00",
"db": "BID",
"id": "68673"
},
{
"date": "2014-07-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003477"
},
{
"date": "2014-07-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-469"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-3306"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-469"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Run on product Web Vulnerability in arbitrary code execution on server",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003477"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-469"
}
],
"trust": 0.6
}
}
VAR-201312-0285
Vulnerability from variot - Updated: 2025-04-11 22:59Cross-site request forgery (CSRF) vulnerability in goform/Quick_setup on Cisco EPC3925 devices allows remote attackers to hijack the authentication of administrators for requests that change a password via the Password and PasswordReEnter parameters, aka Bug ID CSCuh37496. Cisco EPC3925 Device goform/Quick_setup Contains a cross-site request forgery vulnerability. The Cisco EPC3925 Router is a home router device. Such as changing the management password. The Cisco EPC3925 failed to properly filter user-submitted 'DdnsHostName' parameter data, allowing remote attackers to exploit vulnerabilities for persistent cross-site scripting vulnerabilities to obtain sensitive information or hijack user sessions. Cisco EPC3925 is prone to an HTML-injection vulnerability because it fails to sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. Cisco EPC3925 epc3925-E10-5-v302r125572-130520c is affected. Exploiting this issue may allow a remote attacker to perform certain administrative actions and compromise the affected device. This issue is being tracked by Cisco Bug IDs CSCuh37496. The vulnerability stems from the fact that the goform/Quick_setup URL does not properly validate the request
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201312-0285",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "epc3925",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "model epc3925 8x4 docsis 3.0 with wireless residential gateway with edva",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "epc3925 router",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "epc3925 router epc3925-e10-5-v302r125572-130520c",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "epc3925 -e10-5-v302r125572-1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-15289"
},
{
"db": "CNVD",
"id": "CNVD-2013-15557"
},
{
"db": "BID",
"id": "64486"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005660"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-410"
},
{
"db": "NVD",
"id": "CVE-2013-6976"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:cisco:epc3925",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005660"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jeroen - IT Nerdbox",
"sources": [
{
"db": "BID",
"id": "64486"
},
{
"db": "BID",
"id": "64341"
}
],
"trust": 0.6
},
"cve": "CVE-2013-6976",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2013-6976",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "CNVD-2013-15289",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2013-15557",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-66978",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-6976",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2013-6976",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2013-15289",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNVD",
"id": "CNVD-2013-15557",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201312-410",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-66978",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-15289"
},
{
"db": "CNVD",
"id": "CNVD-2013-15557"
},
{
"db": "VULHUB",
"id": "VHN-66978"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005660"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-410"
},
{
"db": "NVD",
"id": "CVE-2013-6976"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability in goform/Quick_setup on Cisco EPC3925 devices allows remote attackers to hijack the authentication of administrators for requests that change a password via the Password and PasswordReEnter parameters, aka Bug ID CSCuh37496. Cisco EPC3925 Device goform/Quick_setup Contains a cross-site request forgery vulnerability. The Cisco EPC3925 Router is a home router device. Such as changing the management password. The Cisco EPC3925 failed to properly filter user-submitted \u0027DdnsHostName\u0027 parameter data, allowing remote attackers to exploit vulnerabilities for persistent cross-site scripting vulnerabilities to obtain sensitive information or hijack user sessions. Cisco EPC3925 is prone to an HTML-injection vulnerability because it fails to sanitize user-supplied input. \nSuccessful exploits will allow attacker-supplied HTML and script code to run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. \nCisco EPC3925 epc3925-E10-5-v302r125572-130520c is affected. \nExploiting this issue may allow a remote attacker to perform certain administrative actions and compromise the affected device. \nThis issue is being tracked by Cisco Bug IDs CSCuh37496. The vulnerability stems from the fact that the goform/Quick_setup URL does not properly validate the request",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-6976"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005660"
},
{
"db": "CNVD",
"id": "CNVD-2013-15289"
},
{
"db": "CNVD",
"id": "CNVD-2013-15557"
},
{
"db": "BID",
"id": "64486"
},
{
"db": "BID",
"id": "64341"
},
{
"db": "VULHUB",
"id": "VHN-66978"
}
],
"trust": 3.33
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-66978",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66978"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-6976",
"trust": 2.8
},
{
"db": "EXPLOIT-DB",
"id": "30362",
"trust": 2.3
},
{
"db": "BID",
"id": "64341",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "124449",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "101097",
"trust": 1.1
},
{
"db": "BID",
"id": "64486",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005660",
"trust": 0.8
},
{
"db": "EXPLOIT-DB",
"id": "30415",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201312-410",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2013-15289",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2013-15557",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-83807",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-61168",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-83763",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-66978",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-15289"
},
{
"db": "CNVD",
"id": "CNVD-2013-15557"
},
{
"db": "VULHUB",
"id": "VHN-66978"
},
{
"db": "BID",
"id": "64486"
},
{
"db": "BID",
"id": "64341"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005660"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-410"
},
{
"db": "NVD",
"id": "CVE-2013-6976"
}
]
},
"id": "VAR-201312-0285",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-15289"
},
{
"db": "CNVD",
"id": "CNVD-2013-15557"
},
{
"db": "VULHUB",
"id": "VHN-66978"
}
],
"trust": 2.3
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-15289"
},
{
"db": "CNVD",
"id": "CNVD-2013-15557"
}
]
},
"last_update_date": "2025-04-11T22:59:03.240000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "32238",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32238"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005660"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66978"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005660"
},
{
"db": "NVD",
"id": "CVE-2013-6976"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.exploit-db.com/exploits/30362/"
},
{
"trust": 1.7,
"url": "http://www.nerdbox.it/cisco-epc3925-csrf-vulnerability/"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/64341"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/124449/cisco-epc3925-cross-site-request-forgery.html"
},
{
"trust": 1.1,
"url": "http://osvdb.org/101097"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6976"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6976"
},
{
"trust": 0.6,
"url": "http://www.exploit-db.com/exploits/30415/"
},
{
"trust": 0.6,
"url": "http://www.cisco.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-15289"
},
{
"db": "CNVD",
"id": "CNVD-2013-15557"
},
{
"db": "VULHUB",
"id": "VHN-66978"
},
{
"db": "BID",
"id": "64486"
},
{
"db": "BID",
"id": "64341"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005660"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-410"
},
{
"db": "NVD",
"id": "CVE-2013-6976"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-15289"
},
{
"db": "CNVD",
"id": "CNVD-2013-15557"
},
{
"db": "VULHUB",
"id": "VHN-66978"
},
{
"db": "BID",
"id": "64486"
},
{
"db": "BID",
"id": "64341"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005660"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-410"
},
{
"db": "NVD",
"id": "CVE-2013-6976"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-12-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-15289"
},
{
"date": "2013-12-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-15557"
},
{
"date": "2013-12-19T00:00:00",
"db": "VULHUB",
"id": "VHN-66978"
},
{
"date": "2013-12-21T00:00:00",
"db": "BID",
"id": "64486"
},
{
"date": "2013-12-16T00:00:00",
"db": "BID",
"id": "64341"
},
{
"date": "2013-12-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005660"
},
{
"date": "2013-12-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201312-410"
},
{
"date": "2013-12-19T22:55:04.540000",
"db": "NVD",
"id": "CVE-2013-6976"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-12-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-15289"
},
{
"date": "2013-12-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-15557"
},
{
"date": "2016-09-15T00:00:00",
"db": "VULHUB",
"id": "VHN-66978"
},
{
"date": "2013-12-21T00:00:00",
"db": "BID",
"id": "64486"
},
{
"date": "2013-12-25T00:48:00",
"db": "BID",
"id": "64341"
},
{
"date": "2013-12-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005660"
},
{
"date": "2013-12-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201312-410"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2013-6976"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "64486"
},
{
"db": "BID",
"id": "64341"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco EPC3925 Device goform/Quick_setup Vulnerable to cross-site request forgery",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005660"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201312-410"
}
],
"trust": 0.6
}
}
CVE-2014-3306 (GCVE-0-2014-3306)
Vulnerability from cvelistv5 – Published: 2014-07-18 01:00 – Updated: 2024-08-06 10:35
VLAI?
Summary
The web server on Cisco DPC3010, DPC3212, DPC3825, DPC3925, DPQ3925, EPC3010, EPC3212, EPC3825, and EPC3925 Wireless Residential Gateway products allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCup40808.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:35:57.167Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1030598",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030598"
},
{
"name": "1030599",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030599"
},
{
"name": "20140716 Cisco Wireless Residential Gateway Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ciscosa-20140716-cm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The web server on Cisco DPC3010, DPC3212, DPC3825, DPC3925, DPQ3925, EPC3010, EPC3212, EPC3825, and EPC3925 Wireless Residential Gateway products allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCup40808."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-04T20:57:01.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "1030598",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030598"
},
{
"name": "1030599",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030599"
},
{
"name": "20140716 Cisco Wireless Residential Gateway Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ciscosa-20140716-cm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3306",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web server on Cisco DPC3010, DPC3212, DPC3825, DPC3925, DPQ3925, EPC3010, EPC3212, EPC3825, and EPC3925 Wireless Residential Gateway products allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCup40808."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1030598",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030598"
},
{
"name": "1030599",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030599"
},
{
"name": "20140716 Cisco Wireless Residential Gateway Remote Code Execution Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ciscosa-20140716-cm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-3306",
"datePublished": "2014-07-18T01:00:00.000Z",
"dateReserved": "2014-05-07T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:35:57.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6976 (GCVE-0-2013-6976)
Vulnerability from cvelistv5 – Published: 2013-12-19 22:00 – Updated: 2024-08-06 17:53
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in goform/Quick_setup on Cisco EPC3925 devices allows remote attackers to hijack the authentication of administrators for requests that change a password via the Password and PasswordReEnter parameters, aka Bug ID CSCuh37496.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:45.801Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "64341",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64341"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nerdbox.it/cisco-epc3925-csrf-vulnerability/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/124449/Cisco-EPC3925-Cross-Site-Request-Forgery.html"
},
{
"name": "30362",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/30362/"
},
{
"name": "101097",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/101097"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in goform/Quick_setup on Cisco EPC3925 devices allows remote attackers to hijack the authentication of administrators for requests that change a password via the Password and PasswordReEnter parameters, aka Bug ID CSCuh37496."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-31T15:57:00.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "64341",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64341"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nerdbox.it/cisco-epc3925-csrf-vulnerability/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/124449/Cisco-EPC3925-Cross-Site-Request-Forgery.html"
},
{
"name": "30362",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/30362/"
},
{
"name": "101097",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/101097"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-6976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in goform/Quick_setup on Cisco EPC3925 devices allows remote attackers to hijack the authentication of administrators for requests that change a password via the Password and PasswordReEnter parameters, aka Bug ID CSCuh37496."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "64341",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64341"
},
{
"name": "http://www.nerdbox.it/cisco-epc3925-csrf-vulnerability/",
"refsource": "MISC",
"url": "http://www.nerdbox.it/cisco-epc3925-csrf-vulnerability/"
},
{
"name": "http://packetstormsecurity.com/files/124449/Cisco-EPC3925-Cross-Site-Request-Forgery.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/124449/Cisco-EPC3925-Cross-Site-Request-Forgery.html"
},
{
"name": "30362",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/30362/"
},
{
"name": "101097",
"refsource": "OSVDB",
"url": "http://osvdb.org/101097"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-6976",
"datePublished": "2013-12-19T22:00:00.000Z",
"dateReserved": "2013-12-05T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:53:45.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3306 (GCVE-0-2014-3306)
Vulnerability from nvd – Published: 2014-07-18 01:00 – Updated: 2024-08-06 10:35
VLAI?
Summary
The web server on Cisco DPC3010, DPC3212, DPC3825, DPC3925, DPQ3925, EPC3010, EPC3212, EPC3825, and EPC3925 Wireless Residential Gateway products allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCup40808.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:35:57.167Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1030598",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030598"
},
{
"name": "1030599",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1030599"
},
{
"name": "20140716 Cisco Wireless Residential Gateway Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ciscosa-20140716-cm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The web server on Cisco DPC3010, DPC3212, DPC3825, DPC3925, DPQ3925, EPC3010, EPC3212, EPC3825, and EPC3925 Wireless Residential Gateway products allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCup40808."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-01-04T20:57:01.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "1030598",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030598"
},
{
"name": "1030599",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1030599"
},
{
"name": "20140716 Cisco Wireless Residential Gateway Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ciscosa-20140716-cm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-3306",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web server on Cisco DPC3010, DPC3212, DPC3825, DPC3925, DPQ3925, EPC3010, EPC3212, EPC3825, and EPC3925 Wireless Residential Gateway products allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCup40808."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1030598",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030598"
},
{
"name": "1030599",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1030599"
},
{
"name": "20140716 Cisco Wireless Residential Gateway Remote Code Execution Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ciscosa-20140716-cm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-3306",
"datePublished": "2014-07-18T01:00:00.000Z",
"dateReserved": "2014-05-07T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:35:57.167Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6976 (GCVE-0-2013-6976)
Vulnerability from nvd – Published: 2013-12-19 22:00 – Updated: 2024-08-06 17:53
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in goform/Quick_setup on Cisco EPC3925 devices allows remote attackers to hijack the authentication of administrators for requests that change a password via the Password and PasswordReEnter parameters, aka Bug ID CSCuh37496.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:53:45.801Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "64341",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64341"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nerdbox.it/cisco-epc3925-csrf-vulnerability/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/124449/Cisco-EPC3925-Cross-Site-Request-Forgery.html"
},
{
"name": "30362",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/30362/"
},
{
"name": "101097",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/101097"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in goform/Quick_setup on Cisco EPC3925 devices allows remote attackers to hijack the authentication of administrators for requests that change a password via the Password and PasswordReEnter parameters, aka Bug ID CSCuh37496."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-31T15:57:00.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "64341",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64341"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nerdbox.it/cisco-epc3925-csrf-vulnerability/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/124449/Cisco-EPC3925-Cross-Site-Request-Forgery.html"
},
{
"name": "30362",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/30362/"
},
{
"name": "101097",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/101097"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2013-6976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in goform/Quick_setup on Cisco EPC3925 devices allows remote attackers to hijack the authentication of administrators for requests that change a password via the Password and PasswordReEnter parameters, aka Bug ID CSCuh37496."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "64341",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64341"
},
{
"name": "http://www.nerdbox.it/cisco-epc3925-csrf-vulnerability/",
"refsource": "MISC",
"url": "http://www.nerdbox.it/cisco-epc3925-csrf-vulnerability/"
},
{
"name": "http://packetstormsecurity.com/files/124449/Cisco-EPC3925-Cross-Site-Request-Forgery.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/124449/Cisco-EPC3925-Cross-Site-Request-Forgery.html"
},
{
"name": "30362",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/30362/"
},
{
"name": "101097",
"refsource": "OSVDB",
"url": "http://osvdb.org/101097"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2013-6976",
"datePublished": "2013-12-19T22:00:00.000Z",
"dateReserved": "2013-12-05T00:00:00.000Z",
"dateUpdated": "2024-08-06T17:53:45.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}