VAR-201407-0370
Vulnerability from variot - Updated: 2025-04-13 23:35The web server on Cisco DPC3010, DPC3212, DPC3825, DPC3925, DPQ3925, EPC3010, EPC3212, EPC3825, and EPC3925 Wireless Residential Gateway products allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCup40808. The Cisco Wireless Residential Gateway is the device for the associated wireless home gateway. Attackers can exploit this issue to inject arbitrary commands and execute arbitrary code with elevated privileges. Failed exploit attempts will crash the web server, denying service to legitimate users. This issue is being tracked by Cisco bug ID CSCup40808. Cisco DPC3010, etc. The following products are affected: Cisco DPC3010, DPC3212, DPC3825, DPC3925, DPQ3925, EPC3010, EPC3212, EPC3825, EPC3925
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201407-0370",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dpc3010",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "epc3925",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "dpq3925",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "dpc3925",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "dpc3212",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "dpc3825",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "epc3010",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "epc3212",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "epc3825",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "dpc3212 voip cable modem",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "dpc3825 8x4 docsis 3.0 wireless residential gateway",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "epc3212 voip cable modem",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "epc3825 8x4 docsis 3.0 wireless residential gateway",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "model dpc3010 docsis 3.0 8x4 cable modem",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "model dpc3925 8x4 docsis 3.0 with wireless residential gateway with edva",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "model dpq3925 8x4 docsis 3.0 wireless residential gateway with edva",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "model epc3010 docsis 3.0 cable modem",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "model epc3925 8x4 docsis 3.0 with wireless residential gateway with edva",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "wireless residential gateway",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04382"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003477"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-469"
},
{
"db": "NVD",
"id": "CVE-2014-3306"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:cisco:dpc3212",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:dpc3825",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:epc3212",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:epc3825",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:dpc3010",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:dpc3925",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:dpq3925",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:epc3010",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:epc3925",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003477"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Chris Watts of Tech Analysis",
"sources": [
{
"db": "BID",
"id": "68673"
}
],
"trust": 0.3
},
"cve": "CVE-2014-3306",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-3306",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-04382",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-71246",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-3306",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-3306",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2014-04382",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201407-469",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-71246",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04382"
},
{
"db": "VULHUB",
"id": "VHN-71246"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003477"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-469"
},
{
"db": "NVD",
"id": "CVE-2014-3306"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web server on Cisco DPC3010, DPC3212, DPC3825, DPC3925, DPQ3925, EPC3010, EPC3212, EPC3825, and EPC3925 Wireless Residential Gateway products allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCup40808. The Cisco Wireless Residential Gateway is the device for the associated wireless home gateway. \nAttackers can exploit this issue to inject arbitrary commands and execute arbitrary code with elevated privileges. Failed exploit attempts will crash the web server, denying service to legitimate users. \nThis issue is being tracked by Cisco bug ID CSCup40808. Cisco DPC3010, etc. The following products are affected: Cisco DPC3010, DPC3212, DPC3825, DPC3925, DPQ3925, EPC3010, EPC3212, EPC3825, EPC3925",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3306"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003477"
},
{
"db": "CNVD",
"id": "CNVD-2014-04382"
},
{
"db": "BID",
"id": "68673"
},
{
"db": "VULHUB",
"id": "VHN-71246"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3306",
"trust": 3.4
},
{
"db": "SECTRACK",
"id": "1030598",
"trust": 1.1
},
{
"db": "SECTRACK",
"id": "1030599",
"trust": 1.1
},
{
"db": "BID",
"id": "68673",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003477",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201407-469",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-04382",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-71246",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04382"
},
{
"db": "VULHUB",
"id": "VHN-71246"
},
{
"db": "BID",
"id": "68673"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003477"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-469"
},
{
"db": "NVD",
"id": "CVE-2014-3306"
}
]
},
"id": "VAR-201407-0370",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04382"
},
{
"db": "VULHUB",
"id": "VHN-71246"
}
],
"trust": 1.35384614
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04382"
}
]
},
"last_update_date": "2025-04-13T23:35:14.892000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ciscosa-20140716-cm",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ciscosa-20140716-cm"
},
{
"title": "34895",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34895"
},
{
"title": "ciscosa-20140716-cm",
"trust": 0.8,
"url": "http://www.cisco.com/cisco/web/support/JP/112/1122/1122791_ciscosa-20140716-cm-j.html"
},
{
"title": "Patch for remote code execution vulnerabilities in multiple Cisco Wireless Residential Gateway products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/47703"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04382"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003477"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71246"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003477"
},
{
"db": "NVD",
"id": "CVE-2014-3306"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/ciscosa-20140716-cm"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1030598"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1030599"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3306"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3306"
},
{
"trust": 0.6,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=34895"
},
{
"trust": 0.3,
"url": "www.cisco.com"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04382"
},
{
"db": "VULHUB",
"id": "VHN-71246"
},
{
"db": "BID",
"id": "68673"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003477"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-469"
},
{
"db": "NVD",
"id": "CVE-2014-3306"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-04382"
},
{
"db": "VULHUB",
"id": "VHN-71246"
},
{
"db": "BID",
"id": "68673"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003477"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-469"
},
{
"db": "NVD",
"id": "CVE-2014-3306"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04382"
},
{
"date": "2014-07-18T00:00:00",
"db": "VULHUB",
"id": "VHN-71246"
},
{
"date": "2014-07-16T00:00:00",
"db": "BID",
"id": "68673"
},
{
"date": "2014-07-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003477"
},
{
"date": "2014-07-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-469"
},
{
"date": "2014-07-18T00:55:04.830000",
"db": "NVD",
"id": "CVE-2014-3306"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04382"
},
{
"date": "2017-01-12T00:00:00",
"db": "VULHUB",
"id": "VHN-71246"
},
{
"date": "2014-07-16T00:00:00",
"db": "BID",
"id": "68673"
},
{
"date": "2014-07-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003477"
},
{
"date": "2014-07-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-469"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-3306"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-469"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Cisco Run on product Web Vulnerability in arbitrary code execution on server",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003477"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-469"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…