Published: 10/12/2013 Updated: 29/08/2017

CVSS v2 Base Score: 8.3 | Impact Score: 8.5 | Exploitability Score: 8.6

VMScore: 835

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:C

Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Scientific Atlanta DPR2320R2 routers with software 2.0.2r1262-090417 allow remote malicious users to hijack the authentication of administrators for requests that (1) change a password via the Password parameter to goform/RgSecurity; (2) reboot the device via the Restart parameter to goform/restart; (3) modify Wi-Fi settings, as demonstrated by the WpaPreSharedKey parameter to goform/wlanSecurity; or (4) modify parental controls via the ParentalPassword parameter to goform/RgParentalBasic.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco scientific_atlanta__dpr\\/epr2320_firmware 2.0.2
cisco scientific_atlanta__dpr\\/epr2320 -
cisco scientific_atlanta__dpr2325_firmware 2.0.2
cisco scientific_atlanta__dpr2325 -

########################################################### [~] Exploit Title: DPR2320R2 [Scientific-Atlanta, Inc(A Cisco COMPANY)] :: Multiple CSRF vulnerability [~] Author: sajith [~]Category: Hardware/Wireless Router [~] vendor home page: wwwciscocom/web/consumer/support/modem_DPR2320html [~] Software Version: v202r1262-090417 ### ...

CWE-352 http://www.exploit-db.com/exploits/29927/https://exchange.xforce.ibmcloud.com/vulnerabilities/89654 https://nvd.nist.gov https://www.exploit-db.com/exploits/29927/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2013-7043

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect