CVE-2013-7043 - Vulnerability Details - OpenCVE

Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Scientific Atlanta DPR2320R2 routers with software 2.0.2r1262-090417 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via the Password parameter to goform/RgSecurity; (2) reboot the device via the Restart parameter to goform/restart; (3) modify Wi-Fi settings, as demonstrated by the WpaPreSharedKey parameter to goform/wlanSecurity; or (4) modify parental controls via the ParentalPassword parameter to goform/RgParentalBasic.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cisco	Scientific Atlanta Dpr2325 Scientific Atlanta Dpr2325 Firmware Scientific Atlanta Dpr\/epr2320 Scientific Atlanta Dpr\/epr2320 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:cisco:scientific_atlanta__dpr\/epr2320_firmware:2.0.2:r1262-090417:*:*:*:*:*:*

cpe:2.3:h:cisco:scientific_atlanta__dpr\/epr2320:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:cisco:scientific_atlanta__dpr2325_firmware:2.0.2:r1262-090417:*:*:*:*:*:*

cpe:2.3:h:cisco:scientific_atlanta__dpr2325:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.exploit-db.com/exploits/29927/
https://exchange.xforce.ibmcloud.com/vulnerabilities/89654

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2013-12-10T19:00:00

Updated: 2024-08-06T17:53:45.833Z

Reserved: 2013-12-10T00:00:00

Link: CVE-2013-7043

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2013-12-10T19:55:07.453

Modified: 2025-04-11T00:51:21.963

Link: CVE-2013-7043

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-11-30T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Scientific Atlanta DPR2320R2 routers with software 2.0.2r1262-090417 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via the Password parameter to goform/RgSecurity; (2) reboot the device via the Restart parameter to goform/restart; (3) modify Wi-Fi settings, as demonstrated by the WpaPreSharedKey parameter to goform/wlanSecurity; or (4) modify parental controls via the ParentalPassword parameter to goform/RgParentalBasic."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "cisco-scientific-cve20137043-csrf(89654)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89654"}, {"name": "29927", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/29927/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2013-7043", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Scientific Atlanta DPR2320R2 routers with software 2.0.2r1262-090417 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via the Password parameter to goform/RgSecurity; (2) reboot the device via the Restart parameter to goform/restart; (3) modify Wi-Fi settings, as demonstrated by the WpaPreSharedKey parameter to goform/wlanSecurity; or (4) modify parental controls via the ParentalPassword parameter to goform/RgParentalBasic."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "cisco-scientific-cve20137043-csrf(89654)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89654"}, {"name": "29927", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/29927/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T17:53:45.833Z"}, "title": "CVE Program Container", "references": [{"name": "cisco-scientific-cve20137043-csrf(89654)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89654"}, {"name": "29927", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "http://www.exploit-db.com/exploits/29927/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-7043", "datePublished": "2013-12-10T19:00:00", "dateReserved": "2013-12-10T00:00:00", "dateUpdated": "2024-08-06T17:53:45.833Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:scientific_atlanta__dpr\\/epr2320_firmware:2.0.2:r1262-090417:*:*:*:*:*:*", "matchCriteriaId": "E0971B07-AB24-4AB5-A013-E18EB3D61A5A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:scientific_atlanta__dpr\\/epr2320:-:*:*:*:*:*:*:*", "matchCriteriaId": "6E71C120-97A7-4738-B553-11EEB6358E9C", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:scientific_atlanta__dpr2325_firmware:2.0.2:r1262-090417:*:*:*:*:*:*", "matchCriteriaId": "CAD23A48-3CE9-49D4-9480-76A28D290DB2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:scientific_atlanta__dpr2325:-:*:*:*:*:*:*:*", "matchCriteriaId": "1CCDABA3-2332-4987-8DF6-292750920855", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Scientific Atlanta DPR2320R2 routers with software 2.0.2r1262-090417 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via the Password parameter to goform/RgSecurity; (2) reboot the device via the Restart parameter to goform/restart; (3) modify Wi-Fi settings, as demonstrated by the WpaPreSharedKey parameter to goform/wlanSecurity; or (4) modify parental controls via the ParentalPassword parameter to goform/RgParentalBasic."}, {"lang": "es", "value": "Vulnerabilidades Multiple cross-site request forgery (CSRF) en los routers Cisco Scientific Atlanta DPR2320R2 con software 2.0.2r1262-090417, que permite a atacantes remotos secuestrar la autenticaci\u00f3n de los administradores para las peticiones que, (1) el cambio de una contrase\u00f1a a trav\u00e9s del par\u00e1metro Contrase\u00f1a goForm / RgSecurity; (2) se reinicia el dispositivo a trav\u00e9s del par\u00e1metro Reiniciar para goForm / reinicio, (3) se modifica la configuraci\u00f3n de Wi-Fi, como se demuestra a trav\u00e9s del par\u00e1metro WpaPreSharedKey en goForm / wlanSecurity, o (4) se modifican los controles parentales a trav\u00e9s del par\u00e1metro ParentalPassword a goForm / RgParentalBasic ."}], "id": "CVE-2013-7043", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 8.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 8.5, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": true}]}, "published": "2013-12-10T19:55:07.453", "references": [{"source": "[email protected]", "tags": ["Exploit", "VDB Entry"], "url": "http://www.exploit-db.com/exploits/29927/"}, {"source": "[email protected]", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89654"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "VDB Entry"], "url": "http://www.exploit-db.com/exploits/29927/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89654"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "[email protected]", "type": "Primary"}]}