Computer Security
[EN] securityvulns.ru no-pyccku


Scientific Atlanta DPC2100 cable modems security vulnerabilities
Published:26.05.2010
Source:
SecurityVulns ID:10868
Type:remote
Threat Level:
5/10
Description:Crossite request forgery. Authentication bypass.
Affected:SCIENTIFICATLANT : WebStar DPC2100
CVE:CVE-2010-2026 (The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allows remote attackers to bypass authentication, and reset the modem or replace the firmware, via a direct request to an unspecified page.)
 CVE-2010-2025 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allow remote attackers to hijack the authentication of administrators for requests that (1) reset the modem, (2) erase the firmware, (3) change the administrative password, (4) install modified firmware, or (5) change the access level, as demonstrated by a request to goform/_aslvl.)
Original documentdocumentDan Rosenberg, Scientific Atlanta DPC2100 WebSTAR Cable Modem vulnerabilities (26.05.2010)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod