Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Scientific Atlanta DPR2320R2 routers with software 2.0.2r1262-090417 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via the Password parameter to goform/RgSecurity; (2) reboot the device via the Restart parameter to goform/restart; (3) modify Wi-Fi settings, as demonstrated by the WpaPreSharedKey parameter to goform/wlanSecurity; or (4) modify parental controls via the ParentalPassword parameter to goform/RgParentalBasic.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Scientific Atlanta Dpr/Epr2320 Firmware | 2.0.2 |
| Cisco | Scientific Atlanta Dpr/Epr2320 | - |
| Cisco | Scientific Atlanta Dpr2325 Firmware | 2.0.2 |
| Cisco | Scientific Atlanta Dpr2325 | - |
Related Weaknesses (CWE)
References
- http://www.exploit-db.com/exploits/29927/ (Exploit; VDB Entry)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/89654
FAQ
What is CVE-2013-7043?
CVE-2013-7043 is a vulnerability with a CVSS score of 8.3 (HIGH). Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Scientific Atlanta DPR2320R2 routers with software 2.0.2r1262-090417 allow remote attackers to hijack the authentication of administ...
How severe is CVE-2013-7043?
CVE-2013-7043 has been rated HIGH with a CVSS base score of 8.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2013-7043?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Scientific Atlanta Dpr/Epr2320 Firmware, Cisco Scientific Atlanta Dpr/Epr2320, Cisco Scientific Atlanta Dpr2325 Firmware, Cisco Scientific Atlanta Dpr2325.