Vulnslist

find the latest Cisco vulnerabilities

Cisco Model DPQ3925 Wireless Residential Gateway Information Disclosure Vulnerability

cisco-sa-20151217-gateway · Medium · Published · Updated

A vulnerability in the HTTP server on the Cisco Model DPQ3925 8x4 DOCSIS 3.0 Wireless Residential Gateway with Embedded Digital Voice Adapter (EDVA) could allow an unauthenticated, remote attacker to access sensitive information located on the device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. An exploit could allow the attacker to access sensitive information from the device. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available. This vulnerability was reported to Cisco by Chris Watts of Tech Analysis. Cisco would like to thank him for reporting this issue to Cisco PSIRT. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151217-gateway

Cisco advisory ·CSAF JSON

Workarounds

Administrators may consider disabling remote access to the HTTP web management interface on affected systems.

CVEsCVE-2015-6428
Cisco Bug IDsCSCuv03958
CVSS ScoreBase 5.0
Base 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N/E:F/RL:OF/RC:C
Product Names From Source
Cisco Model DPQ3925 8x4 DOCSIS 3.0 Wireless Residential Gateway with EDVA

Related Products

Product CVE Evidence
Cisco RV Series Routers CVE-2015-6428 Cisco OpenVuln
Cisco Nexus Dashboard CVE-2015-6428 Cisco OpenVuln
Cisco Model DPQ3925 8x4 DOCSIS 3.0 Wireless Residential Gateway with EDVA CVE-2015-6428 Cisco OpenVuln