Lucene search

[email protected]CVE-2014-2046

HistoryMay 14, 2014 - 12:55 a.m.

CVE-2014-2046

2014-05-1400:55:00

CWE-310

[email protected]

web.nvd.nist.gov

cve-2014-2046

broadcom ltd

pipa c211

unauthorized access

web interface

security vulnerability

nvd.

6.3 Medium

AI Score

Confidence

Low

9.7 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:P/I:C/A:C

0.083 Low

EPSS

Percentile

94.4%

JSON

cgi-bin/rpcBridge in the web interface 1.1 on Broadcom Ltd PIPA C211 rev2 does not properly restrict access, which allows remote attackers to (1) obtain credentials and other sensitive information via a certain request to the config.getValuesHashExcludePaths method or (2) modify the firmware via unspecified vectors.

CPENameOperatorVersion
broadcom:pipa_c211_web_interfacebroadcom pipa c211 web interfaceeq1.1
broadcom:pipa_c211broadcom pipa c211eq-

CPE	Name	Operator	Version
broadcom:pipa_c211_web_interface	broadcom pipa c211 web interface	eq	1.1
broadcom:pipa_c211	broadcom pipa c211	eq	-

References

seclists.org/fulldisclosure/2014/May/58

www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2046/

6.3 Medium

AI Score

Confidence

Low

9.7 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:P/I:C/A:C

0.083 Low

EPSS

Percentile

94.4%

JSON

Related for CVE-2014-2046

prion1 securityvulns2 exploitpack1 zdt1 seebug1 packetstorm1 cvelist1 exploitdb1