Sign-up

ID

VAR-201312-0023


CVE

CVE-2012-3047


TITLE

Cisco Scientific Atlanta D20 and D30 Cable modem Web Wizard setup page cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2012-006095

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the web-wizard setup page on Cisco Scientific Atlanta D20 and D30 cable modems allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. The Cisco Scientific Atlanta D20/D30 is a wired modem device. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. The device enables Internet access through a cable TV network

Trust: 2.52

sources: NVD: CVE-2012-3047 // JVNDB: JVNDB-2012-006095 // CNVD: CNVD-2013-15095 // BID: 64408 // VULHUB: VHN-56328

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-15095

AFFECTED PRODUCTS

vendor:ciscomodel:scientific atlanta dpc\/epc2425scope:eqversion: -

Trust: 1.6

vendor:ciscomodel:scientific atlanta dpw730scope:eqversion: -

Trust: 1.6

vendor:ciscomodel:scientific atlanta dpw939scope:eqversion: -

Trust: 1.6

vendor:ciscomodel:scientific atlanta dpq2425scope:eqversion: -

Trust: 1.6

vendor:ciscomodel:scientific atlanta dpw700scope:eqversion: -

Trust: 1.6

vendor:ciscomodel:scientific atlanta dpq3925scope:eqversion: -

Trust: 1.6

vendor:ciscomodel:scientific atlanta wag310gscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:scientific atlanta dpc3925scope:eqversion: -

Trust: 1.6

vendor:ciscomodel:scientific atlanta dpr362scope:eqversion: -

Trust: 1.6

vendor:ciscomodel:scientific atlanta dpw941scope:eqversion: -

Trust: 1.6

vendor:ciscomodel:scientific atlanta dpx\/epx2100scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:scientific atlanta dpc\/epc 3208scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:scientific atlanta dpc\/epc2434scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:scientific atlanta dpc\/epc2325scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:scientific atlanta dpc3825scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:scientific atlanta dpc\/epc3010scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:scientific atlanta dpx130scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:scientific atlanta epc3925scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:scientific atlanta dpx\/epx2203scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:scientific atlanta dpc\/epc2202scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:scientific atlanta dpq3212scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:scientific atlanta epc3825scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:scientific atlanta dpc\/epc2100scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:scientific atlanta dpc2420scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:scientific atlanta dpc\/epc3212scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:scientific atlanta dpq2202scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:scientific atlanta dpx100\/120scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:scientific atlanta dpc\/epc2203scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:scientific atlanta dpx213scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:scientific atlanta dpq\/epq2160scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:scientific atlanta epc2420scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:scientific atlanta dpc3008\/epc3008scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:scientific atlanta dpx2213scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:scientific atlanta dpc3000\/epc3000scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:scientific atlanta dpx110scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:scientific atlanta dpc\/epc2505scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:scientific atlanta dpx\/epx2203cscope:eqversion: -

Trust: 1.0

vendor:ciscomodel:model epc3925 8x4 docsis 3.0 with wireless residential gateway with edvascope: - version: -

Trust: 0.8

vendor:ciscomodel:scientific atlanta dpc/epc2100 cable modemscope: - version: -

Trust: 0.8

vendor:ciscomodel:scientific atlanta dpc/epc2202 voip cable modemscope: - version: -

Trust: 0.8

vendor:ciscomodel:scientific atlanta dpc/epc2203 voip cable modemscope: - version: -

Trust: 0.8

vendor:ciscomodel:scientific atlanta dpc/epc2325 residential gateway with wireless access pointscope: - version: -

Trust: 0.8

vendor:ciscomodel:scientific atlanta dpc/epc2425 wireless residential gateway with embedded digital voice adapterscope: - version: -

Trust: 0.8

vendor:ciscomodel:scientific atlanta dpc/epc2434 voip wireless home gatewayscope: - version: -

Trust: 0.8

vendor:ciscomodel:scientific atlanta dpc/epc2505 cable modemscope: - version: -

Trust: 0.8

vendor:ciscomodel:scientific atlanta dpc/epc3010 cable modemscope: - version: -

Trust: 0.8

vendor:ciscomodel:scientific atlanta dpc/epc3208 voip cable modemscope: - version: -

Trust: 0.8

vendor:ciscomodel:scientific atlanta dpc/epc3212 voip cable modemscope: - version: -

Trust: 0.8

vendor:ciscomodel:scientific atlanta dpc2420 wireless residential gateway with embedded digital voice adapterscope: - version: -

Trust: 0.8

vendor:ciscomodel:scientific atlanta dpc3000/epc3000 cable modemscope: - version: -

Trust: 0.8

vendor:ciscomodel:scientific atlanta dpc3008/epc3008 cable modemscope: - version: -

Trust: 0.8

vendor:ciscomodel:scientific atlanta dpc3825 8x4 docsis 3.0 wireless residential gatewayscope: - version: -

Trust: 0.8

vendor:ciscomodel:scientific atlanta dpc3925 8x4 docsis 3.0 wireless residential gateway with edvascope: - version: -

Trust: 0.8

vendor:ciscomodel:scientific atlanta dpq/epq2160 docsis 2.0 cable modemscope: - version: -

Trust: 0.8

vendor:ciscomodel:scientific atlanta dpq2202 voip cable modemscope: - version: -

Trust: 0.8

vendor:ciscomodel:scientific atlanta dpq2425 wireless residential gateway with digital voice adapterscope: - version: -

Trust: 0.8

vendor:ciscomodel:scientific atlanta dpq3212 voip cable modemscope: - version: -

Trust: 0.8

vendor:ciscomodel:scientific atlanta dpq3925 8x4 docsis 3.0 wireless residential gateway with edvascope: - version: -

Trust: 0.8

vendor:ciscomodel:scientific atlanta dpr/epr2320 cable modem with wireless access pointscope: - version: -

Trust: 0.8

vendor:ciscomodel:scientific atlanta dpr2325 cable modem with wireless access pointscope: - version: -

Trust: 0.8

vendor:ciscomodel:scientific atlanta dpr362 cable modem and routerscope: - version: -

Trust: 0.8

vendor:ciscomodel:scientific atlanta dpw700 wireless lan adapter pcmcia cardscope: - version: -

Trust: 0.8

vendor:ciscomodel:scientific atlanta dpw730 wireless networking adapterscope: - version: -

Trust: 0.8

vendor:ciscomodel:scientific atlanta dpw939 usb wireless networking adapterscope: - version: -

Trust: 0.8

vendor:ciscomodel:scientific atlanta dpw941 wireless ethernet adapterscope: - version: -

Trust: 0.8

vendor:ciscomodel:scientific atlanta dpx/epx2100 cable modemscope: - version: -

Trust: 0.8

vendor:ciscomodel:scientific atlanta dpx/epx2203 voip cable modemscope: - version: -

Trust: 0.8

vendor:ciscomodel:scientific atlanta dpx/epx2203c voip cable modemscope: - version: -

Trust: 0.8

vendor:ciscomodel:scientific atlanta dpx100/120 cable modemscope: - version: -

Trust: 0.8

vendor:ciscomodel:scientific atlanta dpx110 cable modemscope: - version: -

Trust: 0.8

vendor:ciscomodel:scientific atlanta dpx130 cable modemscope: - version: -

Trust: 0.8

vendor:ciscomodel:scientific atlanta dpx213 voip cable modemscope: - version: -

Trust: 0.8

vendor:ciscomodel:scientific atlanta dpx2213 voip cable modemscope: - version: -

Trust: 0.8

vendor:ciscomodel:scientific atlanta epc2420 wireless residential gateway with embedded digital voice adapterscope: - version: -

Trust: 0.8

vendor:ciscomodel:scientific atlanta epc3825 8x4 docsis 3.0 wireless residential gatewayscope: - version: -

Trust: 0.8

vendor:ciscomodel:scientific atlanta wag310g wireless-g adsl2+ gateway with voipscope: - version: -

Trust: 0.8

vendor:ciscomodel:scientific atlanta d20 and d30 cable modemsscope: - version: -

Trust: 0.6

vendor:ciscomodel:scientific atlanta wag310gscope: - version: -

Trust: 0.3

vendor:ciscomodel:scientific atlanta epc3925scope: - version: -

Trust: 0.3

vendor:ciscomodel:scientific atlanta epc3825scope: - version: -

Trust: 0.3

vendor:ciscomodel:scientific atlanta epc2420scope: - version: -

Trust: 0.3

vendor:ciscomodel:scientific atlanta dpx2213scope: - version: -

Trust: 0.3

vendor:ciscomodel:scientific atlanta dpx213scope: - version: -

Trust: 0.3

vendor:ciscomodel:scientific atlanta dpx130scope: - version: -

Trust: 0.3

vendor:ciscomodel:scientific atlanta dpx110scope: - version: -

Trust: 0.3

vendor:ciscomodel:scientific atlanta dpx100/120scope: - version: -

Trust: 0.3

vendor:ciscomodel:scientific atlanta dpx/epx2203cscope: - version: -

Trust: 0.3

vendor:ciscomodel:scientific atlanta dpx/epx2203scope: - version: -

Trust: 0.3

vendor:ciscomodel:scientific atlanta dpx/epx2100scope: - version: -

Trust: 0.3

vendor:ciscomodel:scientific atlanta dpw941scope: - version: -

Trust: 0.3

vendor:ciscomodel:scientific atlanta dpw939scope: - version: -

Trust: 0.3

vendor:ciscomodel:scientific atlanta dpw730scope: - version: -

Trust: 0.3

vendor:ciscomodel:scientific atlanta dpw700scope: - version: -

Trust: 0.3

vendor:ciscomodel:scientific atlanta dpr362scope: - version: -

Trust: 0.3

vendor:ciscomodel:scientific atlanta dpr2325scope: - version: -

Trust: 0.3

vendor:ciscomodel:scientific atlanta dpr/epr2320scope: - version: -

Trust: 0.3

vendor:ciscomodel:scientific atlanta dpq3925scope: - version: -

Trust: 0.3

vendor:ciscomodel:scientific atlanta dpq3212scope: - version: -

Trust: 0.3

vendor:ciscomodel:scientific atlanta dpq2425scope: - version: -

Trust: 0.3

vendor:ciscomodel:scientific atlanta dpq2202scope: - version: -

Trust: 0.3

vendor:ciscomodel:scientific atlanta dpq/epq2160 docsisscope:eqversion:2

Trust: 0.3

vendor:ciscomodel:scientific atlanta dpc3925scope: - version: -

Trust: 0.3

vendor:ciscomodel:scientific atlanta dpc3825scope: - version: -

Trust: 0.3

vendor:ciscomodel:scientific atlanta dpc3008/epc3008scope: - version: -

Trust: 0.3

vendor:ciscomodel:scientific atlanta dpc3000/epc3000scope: - version: -

Trust: 0.3

vendor:ciscomodel:scientific atlanta dpc2420scope: - version: -

Trust: 0.3

vendor:ciscomodel:scientific atlanta dpc/epc3010scope: - version: -

Trust: 0.3

vendor:ciscomodel:scientific atlanta dpc/epc2505scope: - version: -

Trust: 0.3

vendor:ciscomodel:scientific atlanta dpc/epc2434scope: - version: -

Trust: 0.3

vendor:ciscomodel:scientific atlanta dpc/epc2425scope: - version: -

Trust: 0.3

vendor:ciscomodel:scientific atlanta dpc/epc2325scope: - version: -

Trust: 0.3

vendor:ciscomodel:scientific atlanta dpc/epc2203scope: - version: -

Trust: 0.3

vendor:ciscomodel:scientific atlanta dpc/epc2202scope: - version: -

Trust: 0.3

vendor:ciscomodel:scientific atlanta dpc/epc2100scope: - version: -

Trust: 0.3

vendor:ciscomodel:scientific atlanta dpc/epcscope:eqversion:3208

Trust: 0.3

vendor:ciscomodel:dpc/epc3212 dpc/epc3212scope: - version: -

Trust: 0.3

sources: CNVD: CNVD-2013-15095 // BID: 64408 // JVNDB: JVNDB-2012-006095 // CNNVD: CNNVD-201312-176 // NVD: CVE-2012-3047

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-3047
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-3047
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-15095
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201312-176
value: MEDIUM

Trust: 0.6

VULHUB: VHN-56328
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-3047
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-15095
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-56328
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2013-15095 // VULHUB: VHN-56328 // JVNDB: JVNDB-2012-006095 // CNNVD: CNNVD-201312-176 // NVD: CVE-2012-3047

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-56328 // JVNDB: JVNDB-2012-006095 // NVD: CVE-2012-3047

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201312-176

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201312-176

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-006095

PATCH
title:26036url:http://tools.cisco.com/security/center/viewAlert.x?alertId=26036
Trust: 0.8
title:Patch for Cisco Scientific Atlanta D20 D30 cable modems Cross-Site Scripting Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/41592
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2013-15095 // 
            
            
            
            JVNDB: JVNDB-2012-006095

EXTERNAL IDS
db:NVDid:CVE-2012-3047
Trust: 3.4
db:JVNDBid:JVNDB-2012-006095
Trust: 0.8
db:CNNVDid:CNNVD-201312-176
Trust: 0.7
db:CNVDid:CNVD-2013-15095
Trust: 0.6
db:BIDid:64408
Trust: 0.4
db:VULHUBid:VHN-56328
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2013-15095 // 
            
            
            
            VULHUB: VHN-56328 // 
            
            
            
            BID: 64408 // 
            
            
            
            JVNDB: JVNDB-2012-006095 // 
            
            
            
            CNNVD: CNNVD-201312-176 // 
            
            
            
            NVD: CVE-2012-3047

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=26036
Trust: 2.6
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3047
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3047
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2013-15095 // 
            
            
            
            VULHUB: VHN-56328 // 
            
            
            
            BID: 64408 // 
            
            
            
            JVNDB: JVNDB-2012-006095 // 
            
            
            
            CNNVD: CNNVD-201312-176 // 
            
            
            
            NVD: CVE-2012-3047

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 64408

SOURCES
db:CNVDid:CNVD-2013-15095
db:VULHUBid:VHN-56328
db:BIDid:64408
db:JVNDBid:JVNDB-2012-006095
db:CNNVDid:CNNVD-201312-176
db:NVDid:CVE-2012-3047

LAST UPDATE DATE
2025-04-11T23:11:58.689000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-15095date:2013-12-16T00:00:00
db:VULHUBid:VHN-56328date:2013-12-12T00:00:00
db:BIDid:64408date:2012-06-13T00:00:00
db:JVNDBid:JVNDB-2012-006095date:2013-12-16T00:00:00
db:CNNVDid:CNNVD-201312-176date:2013-12-17T00:00:00
db:NVDid:CVE-2012-3047date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:CNVDid:CNVD-2013-15095date:2013-12-16T00:00:00
db:VULHUBid:VHN-56328date:2013-12-10T00:00:00
db:BIDid:64408date:2012-06-13T00:00:00
db:JVNDBid:JVNDB-2012-006095date:2013-12-16T00:00:00
db:CNNVDid:CNNVD-201312-176date:2013-12-17T00:00:00
db:NVDid:CVE-2012-3047date:2013-12-10T19:55:03.967