Vulnerability Description
cgi-bin/rpcBridge in the web interface 1.1 on Broadcom Ltd PIPA C211 rev2 does not properly restrict access, which allows remote attackers to (1) obtain credentials and other sensitive information via a certain request to the config.getValuesHashExcludePaths method or (2) modify the firmware via unspecified vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Broadcom | Pipa C211 Web Interface | 1.1 |
| Broadcom | Pipa C211 | - |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2014/May/58
- https://www.portcullis-security.com/security-research-and-downloads/security-advExploit
FAQ
What is CVE-2014-2046?
CVE-2014-2046 is a vulnerability with a CVSS score of 9.7 (HIGH). cgi-bin/rpcBridge in the web interface 1.1 on Broadcom Ltd PIPA C211 rev2 does not properly restrict access, which allows remote attackers to (1) obtain credentials and other sensitive information via...
How severe is CVE-2014-2046?
CVE-2014-2046 has been rated HIGH with a CVSS base score of 9.7/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-2046?
Check the references section above for vendor advisories and patch information. Affected products include: Broadcom Pipa C211 Web Interface, Broadcom Pipa C211.