Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco Wireless Residential Unauthorized Command Vulnerability

cisco-sa-20151208-cwr · Medium · Published · Updated

A vulnerability with web interface access authentication of the Cisco EPC3928 Wireless Residential Gateway could allow an unauthenticated, remote attacker to issue a subset of commands as the administrator without authenticating to the device. The vulnerability is due to lack of authentication required for certain administrative functions through the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the device. An exploit could allow the attacker to execute a subset of administrator functions without being authenticated. Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151208-cwr

Cisco advisory · CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2015-6401
Cisco Bug IDsCSCux24941
CVSS ScoreBase 6.4
Base 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N/E:F/RL:U/RC:C
Product Names From Source
Cisco Model EPC3928 DOCSIS 3.0 8x4 Wireless Residential Gateway with EDVA

Related Products

Product CVE Evidence
Cisco Model EPC3928 DOCSIS 3.0 8x4 Wireless Residential Gateway with EDVA CVE-2015-6401 Cisco OpenVuln