VAR-201312-0285
Vulnerability from variot - Updated: 2025-04-11 22:59

Cross-site request forgery (CSRF) vulnerability in goform/Quick_setup on Cisco EPC3925 devices allows remote attackers to hijack the authentication of administrators for requests that change a password via the Password and PasswordReEnter parameters, aka Bug ID CSCuh37496. goform/Quick_setup on the Cisco EPC3925 device contains a cross-site request forgery vulnerability. The Cisco EPC3925 Router is a home router device. The forged requests can perform administrative actions such as changing the management password. Separately, the Cisco EPC3925 fails to properly filter user-submitted 'DdnsHostName' parameter data, allowing remote attackers to carry out persistent cross-site scripting attacks to obtain sensitive information or hijack user sessions. Cisco EPC3925 is prone to an HTML-injection vulnerability because it fails to sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. Cisco EPC3925 epc3925-E10-5-v302r125572-130520c is affected. Exploiting this issue may allow a remote attacker to perform certain administrative actions and compromise the affected device. This issue is being tracked by Cisco Bug ID CSCuh37496. The vulnerability stems from the fact that the goform/Quick_setup URL does not properly validate the request.

Note: this description is aggregated from several source databases and mixes two distinct weaknesses: the CSRF in goform/Quick_setup, which is what CVE-2013-6976 and the CWE-352 classification in this record describe, and a persistent HTML-injection (cross-site scripting) issue in the DdnsHostName parameter.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201312-0285",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "epc3925",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "model epc3925 8x4 docsis 3.0 with wireless residential gateway with edva",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "epc3925 router",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "epc3925 router epc3925-e10-5-v302r125572-130520c",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "epc3925 -e10-5-v302r125572-1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-15289"
},
{
"db": "CNVD",
"id": "CNVD-2013-15557"
},
{
"db": "BID",
"id": "64486"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005660"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-410"
},
{
"db": "NVD",
"id": "CVE-2013-6976"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:cisco:epc3925",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005660"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jeroen - IT Nerdbox",
"sources": [
{
"db": "BID",
"id": "64486"
},
{
"db": "BID",
"id": "64341"
}
],
"trust": 0.6
},
"cve": "CVE-2013-6976",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2013-6976",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "CNVD-2013-15289",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2013-15557",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-66978",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-6976",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2013-6976",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2013-15289",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNVD",
"id": "CNVD-2013-15557",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201312-410",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-66978",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-15289"
},
{
"db": "CNVD",
"id": "CNVD-2013-15557"
},
{
"db": "VULHUB",
"id": "VHN-66978"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005660"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-410"
},
{
"db": "NVD",
"id": "CVE-2013-6976"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability in goform/Quick_setup on Cisco EPC3925 devices allows remote attackers to hijack the authentication of administrators for requests that change a password via the Password and PasswordReEnter parameters, aka Bug ID CSCuh37496. Cisco EPC3925 Device goform/Quick_setup Contains a cross-site request forgery vulnerability. The Cisco EPC3925 Router is a home router device. Such as changing the management password. The Cisco EPC3925 failed to properly filter user-submitted \u0027DdnsHostName\u0027 parameter data, allowing remote attackers to exploit vulnerabilities for persistent cross-site scripting vulnerabilities to obtain sensitive information or hijack user sessions. Cisco EPC3925 is prone to an HTML-injection vulnerability because it fails to sanitize user-supplied input. \nSuccessful exploits will allow attacker-supplied HTML and script code to run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. \nCisco EPC3925 epc3925-E10-5-v302r125572-130520c is affected. \nExploiting this issue may allow a remote attacker to perform certain administrative actions and compromise the affected device. \nThis issue is being tracked by Cisco Bug IDs CSCuh37496. The vulnerability stems from the fact that the goform/Quick_setup URL does not properly validate the request",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-6976"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005660"
},
{
"db": "CNVD",
"id": "CNVD-2013-15289"
},
{
"db": "CNVD",
"id": "CNVD-2013-15557"
},
{
"db": "BID",
"id": "64486"
},
{
"db": "BID",
"id": "64341"
},
{
"db": "VULHUB",
"id": "VHN-66978"
}
],
"trust": 3.33
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-66978",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66978"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-6976",
"trust": 2.8
},
{
"db": "EXPLOIT-DB",
"id": "30362",
"trust": 2.3
},
{
"db": "BID",
"id": "64341",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "124449",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "101097",
"trust": 1.1
},
{
"db": "BID",
"id": "64486",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005660",
"trust": 0.8
},
{
"db": "EXPLOIT-DB",
"id": "30415",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201312-410",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2013-15289",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2013-15557",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-83807",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-61168",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-83763",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-66978",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-15289"
},
{
"db": "CNVD",
"id": "CNVD-2013-15557"
},
{
"db": "VULHUB",
"id": "VHN-66978"
},
{
"db": "BID",
"id": "64486"
},
{
"db": "BID",
"id": "64341"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005660"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-410"
},
{
"db": "NVD",
"id": "CVE-2013-6976"
}
]
},
"id": "VAR-201312-0285",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-15289"
},
{
"db": "CNVD",
"id": "CNVD-2013-15557"
},
{
"db": "VULHUB",
"id": "VHN-66978"
}
],
"trust": 2.3
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-15289"
},
{
"db": "CNVD",
"id": "CNVD-2013-15557"
}
]
},
"last_update_date": "2025-04-11T22:59:03.240000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "32238",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32238"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005660"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66978"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005660"
},
{
"db": "NVD",
"id": "CVE-2013-6976"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.exploit-db.com/exploits/30362/"
},
{
"trust": 1.7,
"url": "http://www.nerdbox.it/cisco-epc3925-csrf-vulnerability/"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/64341"
},
{
"trust": 1.1,
"url": "http://packetstormsecurity.com/files/124449/cisco-epc3925-cross-site-request-forgery.html"
},
{
"trust": 1.1,
"url": "http://osvdb.org/101097"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6976"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6976"
},
{
"trust": 0.6,
"url": "http://www.exploit-db.com/exploits/30415/"
},
{
"trust": 0.6,
"url": "http://www.cisco.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-15289"
},
{
"db": "CNVD",
"id": "CNVD-2013-15557"
},
{
"db": "VULHUB",
"id": "VHN-66978"
},
{
"db": "BID",
"id": "64486"
},
{
"db": "BID",
"id": "64341"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005660"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-410"
},
{
"db": "NVD",
"id": "CVE-2013-6976"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-15289"
},
{
"db": "CNVD",
"id": "CNVD-2013-15557"
},
{
"db": "VULHUB",
"id": "VHN-66978"
},
{
"db": "BID",
"id": "64486"
},
{
"db": "BID",
"id": "64341"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005660"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-410"
},
{
"db": "NVD",
"id": "CVE-2013-6976"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-12-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-15289"
},
{
"date": "2013-12-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-15557"
},
{
"date": "2013-12-19T00:00:00",
"db": "VULHUB",
"id": "VHN-66978"
},
{
"date": "2013-12-21T00:00:00",
"db": "BID",
"id": "64486"
},
{
"date": "2013-12-16T00:00:00",
"db": "BID",
"id": "64341"
},
{
"date": "2013-12-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005660"
},
{
"date": "2013-12-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201312-410"
},
{
"date": "2013-12-19T22:55:04.540000",
"db": "NVD",
"id": "CVE-2013-6976"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-12-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-15289"
},
{
"date": "2013-12-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-15557"
},
{
"date": "2016-09-15T00:00:00",
"db": "VULHUB",
"id": "VHN-66978"
},
{
"date": "2013-12-21T00:00:00",
"db": "BID",
"id": "64486"
},
{
"date": "2013-12-25T00:48:00",
"db": "BID",
"id": "64341"
},
{
"date": "2013-12-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005660"
},
{
"date": "2013-12-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201312-410"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2013-6976"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "64486"
},
{
"db": "BID",
"id": "64341"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco EPC3925 Device goform/Quick_setup Vulnerable to cross-site request forgery",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005660"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201312-410"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.