VAR-201005-0199
Vulnerability from variot - Updated: 2025-04-11 23:16The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allows remote attackers to bypass authentication, and reset the modem or replace the firmware, via a direct request to an unspecified page. The Cisco DPC2100R2 is a cable TV CABLE MODEM. - Cross-site request forgery attacks. Multiple functions provided by the WEB interface cannot establish a session correctly and restrict access by authorized users. The attacker builds a malicious WEB site, entice the user to click, and can be authorized to change the administrator password, reset the device, install new firmware, and so on. - The Cisco DPC2100R2 device has access control mechanisms of 0-2 (some devices are 0-3). Due to the lack of proper checking for some operations that require authorization, the attacker submits a specially constructed POST request without any verification reset. Equipment and installation of new software. Cisco DPC2100 (formerly Scientific Atlanta DPC2100) is prone to multiple security-bypass and cross-site request-forgery vulnerabilities. Other attacks are also possible. Firmware versions prior to 2.0.2.r1256-100324as are vulnerable. \xa0Testing was performed on a DPC2100R2 modem, with firmware v2.0.2r1256-060303.
-
\xa0An attacker may create a malicious website that, when visited by a victim, updates these settings on the victim's modem on the victim's behalf without their authorization or need for any additional user interaction. \xa0This issue has been assigned CVE-2010-2025.
-
Insufficient authentication. The modem's access control scheme, which has levels numbered from 0-2 (or 0-3 on some other models), is not properly checked before performing operations that should require authentication, including resetting the modem and installing new firmware. The modem requires the proper access level to access web interface pages containing forms that allow a user to perform these actions, but does not properly authenticate the pages that actually carry out these actions. By sending a POST request directly to these pages, these actions may be performed without any authentication. Attacks may be performed by an attacker on the local network or by leveraging the CSRF vulnerability. This issue has been assigned CVE-2010-2026.
==Identifying Vulnerable Installations==
Most home installations of this modem will feature a web interface that is accessible at "http://192.168.100.1". \xa0The following proof-of-concept code may be used to test for vulnerability. \xa0It leverages the CSRF vulnerability to change the access level of your modem to the most restrictive settings (a harmless action). \xa0If your modem is vulnerable, then you will be presented with a message stating that your settings have been successfully updated. \xa0If you are greeted with a page stating there was a "Password confirmation error", then your modem password has been changed from the default but you are still vulnerable. \xa0If you are greeted with an HTTP authentication form or other message, then your model is not vulnerable.
Test for CSRF vulnerability in WebSTAR modems document.csrf.submit()==Solution==
In most cases, home users will be unable to update vulnerable firmware without assistance from their cable providers. \xa0For the DPC2100R2 modems, the latest version string is dpc2100R2-v202r1256-100324as.
To prevent exploitation of CSRF vulnerabilities, users are always encouraged to practice safe browsing habits and avoid visiting unknown or untrusted websites.
==Credits==
These vulnerabilities were discovered by Dan Rosenberg (dan.j.rosenberg@gmail.com).
Thanks to Matthew Bergin for suggesting I should look at cable modems.
==Timeline==
1/26/10 - Vulnerability reported to Cisco 1/26/10 - Response, issue assigned internal tracking number 2/26/10 - Status update requested 2/26/10 - Response 5/15/10 - Status update requested 5/17/10 - Response, confirmation that newest firmware resolves issues 5/17/10 - Disclosure date set 5/24/10 - Disclosure
==References==
CVE identifiers CVE-2010-2025 and CVE-2010-2026 have been assigned to these issues
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201005-0199",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "scientific atlanta webstar dpc2100r2",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "2.0.2r1256-060303"
},
{
"model": "dpc2100r2 r1256-060303",
"scope": "eq",
"trust": 1.5,
"vendor": "cisco",
"version": "2.0.2"
},
{
"model": "scientific atlanta webstar dpc2100r2",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "firmware 2.0.2r1256-060303"
},
{
"model": "dpc2100r2 r1256-100324as",
"scope": "ne",
"trust": 0.3,
"vendor": "cisco",
"version": "2.0.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0946"
},
{
"db": "CNVD",
"id": "CNVD-2010-4420"
},
{
"db": "BID",
"id": "40346"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004100"
},
{
"db": "CNNVD",
"id": "CNNVD-201005-371"
},
{
"db": "NVD",
"id": "CVE-2010-2026"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:cisco:scientific_atlanta_webstar_dpc2100r2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-004100"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dan Rosenberg",
"sources": [
{
"db": "BID",
"id": "40346"
},
{
"db": "PACKETSTORM",
"id": "89916"
},
{
"db": "CNNVD",
"id": "CNNVD-201005-371"
}
],
"trust": 1.0
},
"cve": "CVE-2010-2026",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2010-2026",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2010-4420",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-44631",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2010-2026",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2010-2026",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2010-4420",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201005-371",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-44631",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-4420"
},
{
"db": "VULHUB",
"id": "VHN-44631"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004100"
},
{
"db": "CNNVD",
"id": "CNNVD-201005-371"
},
{
"db": "NVD",
"id": "CVE-2010-2026"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allows remote attackers to bypass authentication, and reset the modem or replace the firmware, via a direct request to an unspecified page. The Cisco DPC2100R2 is a cable TV CABLE MODEM. - Cross-site request forgery attacks. Multiple functions provided by the WEB interface cannot establish a session correctly and restrict access by authorized users. The attacker builds a malicious WEB site, entice the user to click, and can be authorized to change the administrator password, reset the device, install new firmware, and so on. - The Cisco DPC2100R2 device has access control mechanisms of 0-2 (some devices are 0-3). Due to the lack of proper checking for some operations that require authorization, the attacker submits a specially constructed POST request without any verification reset. Equipment and installation of new software. Cisco DPC2100 (formerly Scientific Atlanta DPC2100) is prone to multiple security-bypass and cross-site request-forgery vulnerabilities. Other attacks are also possible. \nFirmware versions prior to 2.0.2.r1256-100324as are vulnerable. \\xa0Testing was\nperformed on a DPC2100R2 modem, with firmware v2.0.2r1256-060303. \n\n1. \\xa0An attacker may create a\nmalicious website that, when visited by a victim, updates these settings on the\nvictim\u0027s modem on the victim\u0027s behalf without their authorization or need for\nany additional user interaction. \\xa0This issue has been assigned CVE-2010-2025. \n\n2. Insufficient authentication. The modem\u0027s access control scheme, which has\nlevels numbered from 0-2 (or 0-3 on some other models), is not properly checked\nbefore performing operations that should require authentication, including\nresetting the modem and installing new firmware. The modem requires the proper\naccess level to access web interface pages containing forms that allow a user\nto perform these actions, but does not properly authenticate the pages that\nactually carry out these actions. By sending a POST request directly to these\npages, these actions may be performed without any authentication. Attacks may\nbe performed by an attacker on the local network or by leveraging the CSRF\nvulnerability. This issue has been assigned CVE-2010-2026. \n\n==Identifying Vulnerable Installations==\n\nMost home installations of this modem will feature a web interface that is\naccessible at \"http://192.168.100.1\". \\xa0The following proof-of-concept code may\nbe used to test for vulnerability. \\xa0It leverages the CSRF vulnerability to\nchange the access level of your modem to the most restrictive settings (a\nharmless action). \\xa0If your modem is vulnerable, then you will be presented with\na message stating that your settings have been successfully updated. \\xa0If you\nare greeted with a page stating there was a \"Password confirmation error\", then\nyour modem password has been changed from the default but you are still\nvulnerable. \\xa0If you are greeted with an HTTP authentication form or other\nmessage, then your model is not vulnerable. \n\n\u003chtml\u003e\n\u003chead\u003e\n\u003ctitle\u003eTest for CSRF vulnerability in WebSTAR modems\u003c/title\u003e\n\u003c/head\u003e\n\n\u003cbody\u003e\n\n\u003cform name=\"csrf\" method=\"post\" action=\"http://192.168.100.1/goform/_aslvl\"\u003e\n\u003cinput type=\"hidden\" name=\"SAAccessLevel\" value=\"0\"\u003e\n\u003cinput type=\"hidden\" name=\"SAPassword\" value=\"W2402\"\u003e\n\u003c/form\u003e\n\n\u003cscript\u003edocument.csrf.submit()\u003c/script\u003e\n\n\u003c/body\u003e\n\u003c/html\u003e\n\n==Solution==\n\nIn most cases, home users will be unable to update vulnerable firmware without\nassistance from their cable providers. \\xa0For\nthe DPC2100R2 modems, the latest version string is\ndpc2100R2-v202r1256-100324as. \n\nTo prevent exploitation of CSRF vulnerabilities, users are always encouraged\nto practice safe browsing habits and avoid visiting unknown or untrusted\nwebsites. \n\n==Credits==\n\nThese vulnerabilities were discovered by Dan Rosenberg\n(dan.j.rosenberg@gmail.com). \n\nThanks to Matthew Bergin for suggesting I should look at cable modems. \n\n==Timeline==\n\n1/26/10 - Vulnerability reported to Cisco\n1/26/10 - Response, issue assigned internal tracking number\n2/26/10 - Status update requested\n2/26/10 - Response\n5/15/10 - Status update requested\n5/17/10 - Response, confirmation that newest firmware resolves issues\n5/17/10 - Disclosure date set\n5/24/10 - Disclosure\n\n==References==\n\nCVE identifiers CVE-2010-2025 and CVE-2010-2026 have been assigned to these\nissues",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-2026"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004100"
},
{
"db": "CNVD",
"id": "CNVD-2010-0946"
},
{
"db": "CNVD",
"id": "CNVD-2010-4420"
},
{
"db": "BID",
"id": "40346"
},
{
"db": "VULHUB",
"id": "VHN-44631"
},
{
"db": "PACKETSTORM",
"id": "89916"
}
],
"trust": 3.15
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-2026",
"trust": 4.1
},
{
"db": "BID",
"id": "40346",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004100",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201005-371",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2010-0946",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2010-4420",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "15097",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20100524 SCIENTIFIC ATLANTA DPC2100 WEBSTAR CABLE MODEM VULNERABILITIES",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-44631",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "89916",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0946"
},
{
"db": "CNVD",
"id": "CNVD-2010-4420"
},
{
"db": "VULHUB",
"id": "VHN-44631"
},
{
"db": "BID",
"id": "40346"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004100"
},
{
"db": "PACKETSTORM",
"id": "89916"
},
{
"db": "CNNVD",
"id": "CNNVD-201005-371"
},
{
"db": "NVD",
"id": "CVE-2010-2026"
}
]
},
"id": "VAR-201005-0199",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0946"
},
{
"db": "CNVD",
"id": "CNVD-2010-4420"
},
{
"db": "VULHUB",
"id": "VHN-44631"
}
],
"trust": 2.175
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0946"
},
{
"db": "CNVD",
"id": "CNVD-2010-4420"
}
]
},
"last_update_date": "2025-04-11T23:16:50.312000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.cisco.com/"
},
{
"title": "Cisco DPC2100 Secure Bypass and Cross-Site Request Forgery Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/383"
},
{
"title": "Cisco Scientific Atlanta WebSTAR DPC2100R2 Cable Modem Bypass Patch for Authentication Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/37642"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0946"
},
{
"db": "CNVD",
"id": "CNVD-2010-4420"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004100"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-44631"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004100"
},
{
"db": "NVD",
"id": "CVE-2010-2026"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0322.html"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/40346"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2026"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2026"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/15097"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.1,
"url": "https://www.cisco.com),"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2025"
},
{
"trust": 0.1,
"url": "http://192.168.100.1/goform/_aslvl\"\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-2026"
},
{
"trust": 0.1,
"url": "http://192.168.100.1\"."
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0946"
},
{
"db": "CNVD",
"id": "CNVD-2010-4420"
},
{
"db": "VULHUB",
"id": "VHN-44631"
},
{
"db": "BID",
"id": "40346"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004100"
},
{
"db": "PACKETSTORM",
"id": "89916"
},
{
"db": "CNNVD",
"id": "CNNVD-201005-371"
},
{
"db": "NVD",
"id": "CVE-2010-2026"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2010-0946"
},
{
"db": "CNVD",
"id": "CNVD-2010-4420"
},
{
"db": "VULHUB",
"id": "VHN-44631"
},
{
"db": "BID",
"id": "40346"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004100"
},
{
"db": "PACKETSTORM",
"id": "89916"
},
{
"db": "CNNVD",
"id": "CNNVD-201005-371"
},
{
"db": "NVD",
"id": "CVE-2010-2026"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-05-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-0946"
},
{
"date": "2010-05-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-4420"
},
{
"date": "2010-05-26T00:00:00",
"db": "VULHUB",
"id": "VHN-44631"
},
{
"date": "2010-05-24T00:00:00",
"db": "BID",
"id": "40346"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-004100"
},
{
"date": "2010-05-25T21:34:37",
"db": "PACKETSTORM",
"id": "89916"
},
{
"date": "2010-05-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201005-371"
},
{
"date": "2010-05-26T19:30:01.483000",
"db": "NVD",
"id": "CVE-2010-2026"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-05-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-0946"
},
{
"date": "2010-05-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-4420"
},
{
"date": "2010-05-27T00:00:00",
"db": "VULHUB",
"id": "VHN-44631"
},
{
"date": "2010-05-24T19:32:00",
"db": "BID",
"id": "40346"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-004100"
},
{
"date": "2010-05-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201005-371"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2010-2026"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201005-371"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Scientific Atlanta WebSTAR DPC2100R2 Cable modem Web Vulnerabilities that bypass authentication in the interface",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-004100"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201005-371"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…