ciscosa-20140716-cm

Cisco Wireless Residential Gateway Remote Code Execution Vulnerability

ciscosa-20140716-cm · Critical · Published 11 years ago · Updated 11 years ago

A vulnerability in the web server used in multiple Cisco Wireless Residential Gateway products could allow an unauthenticated, remote attacker to exploit a buffer overflow and cause arbitrary code execution. The vulnerability is due to incorrect input validation for HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/ciscosa-20140716-cm

Cisco advisory ·CSAF JSON

Workarounds

There are currently no known workarounds available for this vulnerability.

CVEs	CVE-2014-3306
Cisco Bug IDs	CSCup40808
CVSS Score	Base 10.0 Base 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C
Product Names From Source	Cisco Model DPQ3925 8x4 DOCSIS 3.0 Wireless Residential Gateway with EDVA

Related Products

Product	CVE	Evidence
Cisco Model DPQ3925 8x4 DOCSIS 3.0 Wireless Residential Gateway with EDVA	CVE-2014-3306	Cisco OpenVuln

Vulnslist

find the latest Cisco vulnerabilities

Cisco Wireless Residential Gateway Remote Code Execution Vulnerability

Workarounds

Related Products