CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile
50.2%
A vulnerability in the HTTP server on the Cisco Model DPQ3925 8x4 DOCSIS 3.0 Wireless Residential Gateway with Embedded Digital Voice Adapter (EDVA) could allow an unauthenticated, remote attacker to access sensitive information located on the device.
The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. An exploit could allow the attacker to access sensitive information from the device.
Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
This vulnerability was reported to Cisco by Chris Watts of Tech Analysis. Cisco would like to thank him for reporting this issue to Cisco PSIRT.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151217-gateway[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151217-gateway”]
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | dpq3925_8x4_docsis_3.0_wireless_residential_gateway_with_embedded_digital_voice_adapter | any | cpe:2.3:a:cisco:dpq3925_8x4_docsis_3.0_wireless_residential_gateway_with_embedded_digital_voice_adapter:any:*:*:*:*:*:*:* |
cisco | dpq3925_8x4_docsis_3.0_wireless_residential_gateway_with_embedded_digital_voice_adapter | 3.0_wireless_residential_gateway_with_edva | cpe:2.3:a:cisco:dpq3925_8x4_docsis_3.0_wireless_residential_gateway_with_embedded_digital_voice_adapter:3.0_wireless_residential_gateway_with_edva:*:*:*:*:*:*:* |