Details of VAR-201312-0304

ID

VAR-201312-0304

CVE

CVE-2013-7043

TITLE

Cisco Scientific Atlanta DPR2320 Cross-site request forgery vulnerability in router software

Trust: 0.8

sources: JVNDB: JVNDB-2013-005508

DESCRIPTION

Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Scientific Atlanta DPR2320R2 routers with software 2.0.2r1262-090417 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via the Password parameter to goform/RgSecurity; (2) reboot the device via the Restart parameter to goform/restart; (3) modify Wi-Fi settings, as demonstrated by the WpaPreSharedKey parameter to goform/wlanSecurity; or (4) modify parental controls via the ParentalPassword parameter to goform/RgParentalBasic. The Cisco DPR2320R2 Wireless Router is a wireless router product from the United States Cisco. A cross-site request forgery vulnerability exists in the Cisco DPR2320R2 wireless router using firmware version 2.0.2r1262-090417. A remote attacker could use this vulnerability to perform administrator actions to control the affected device. Cisco Scientific Atlanta DPR2320R2 is a cable modem gateway device of Cisco (Cisco). The device includes a cable modem, router and wireless access point, enabling multiple PCs, notebooks or other network devices to share broadband access

Trust: 3.06

sources: NVD: CVE-2013-7043 // JVNDB: JVNDB-2013-005508 // CNVD: CNVD-2013-14872 // CNNVD: CNNVD-201312-053 // BID: 64053 // VULHUB: VHN-67045

IOT TAXONOMY

category:	['Network device']	sub_category:	-	Trust: 0.6
category:	['network device']	sub_category:	router	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2013-14872

AFFECTED PRODUCTS

vendor:	cisco	model:	scientific atlanta dpr\/epr2320	scope:	eq	version:	2.0.2	Trust: 1.6
vendor:	cisco	model:	scientific atlanta dpr2325	scope:	eq	version:	2.0.2	Trust: 1.6
vendor:	cisco	model:	scientific atlanta dpr\/epr2320	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	scientific atlanta dpr2325	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	scientific atlanta dpr/epr2320 cable modem with wireless access point	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	scientific atlanta dpr/epr2320 cable modem with wireless access point	scope:	eq	version:	2.0.2r1262-090417	Trust: 0.8
vendor:	cisco	model:	scientific atlanta dpr2325 cable modem with wireless access point	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	scientific atlanta dpr2325 cable modem with wireless access point	scope:	eq	version:	2.0.2r1262-090417	Trust: 0.8
vendor:	cisco	model:	dpr2320r2 wireless router 2.0.2r1262-090417	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2013-14872 // JVNDB: JVNDB-2013-005508 // CNNVD: CNNVD-201312-178 // NVD: CVE-2013-7043

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-7043
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-7043
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2013-14872
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201312-178
value:	HIGH
Trust: 0.6
VULHUB:	VHN-67045
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-7043
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-14872
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-67045
severity:	HIGH
baseScore:	8.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2013-14872 // VULHUB: VHN-67045 // JVNDB: JVNDB-2013-005508 // CNNVD: CNNVD-201312-178 // NVD: CVE-2013-7043

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.9

sources: VULHUB: VHN-67045 // JVNDB: JVNDB-2013-005508 // NVD: CVE-2013-7043

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201312-053 // CNNVD: CNNVD-201312-178

TYPE

cross-site request forgery

Trust: 1.2

sources: CNNVD: CNNVD-201312-053 // CNNVD: CNNVD-201312-178

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005508

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-67045

PATCH

title:

Cisco DPR/EPR2320, DPR2325 Cable Modem Gateway with Wireless Access Point

url:

http://www.cisco.com/web/consumer/support/modem_DPR2320.html

Trust: 0.8

sources: JVNDB: JVNDB-2013-005508

EXTERNAL IDS

db:	NVD	id:	CVE-2013-7043	Trust: 3.5
db:	EXPLOIT-DB	id:	29927	Trust: 2.3
db:	BID	id:	64053	Trust: 1.6
db:	JVNDB	id:	JVNDB-2013-005508	Trust: 0.8
db:	CNNVD	id:	CNNVD-201312-178	Trust: 0.7
db:	CNVD	id:	CNVD-2013-14872	Trust: 0.6
db:	CNNVD	id:	CNNVD-201312-053	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1
db:	SEEBUG	id:	SSVID-83400	Trust: 0.1
db:	VULHUB	id:	VHN-67045	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2013-14872 // VULHUB: VHN-67045 // BID: 64053 // JVNDB: JVNDB-2013-005508 // CNNVD: CNNVD-201312-053 // CNNVD: CNNVD-201312-178 // NVD: CVE-2013-7043

REFERENCES

url:	http://www.exploit-db.com/exploits/29927/	Trust: 2.3
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/89654	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7043	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7043	Trust: 0.8
url:	http://www.securityfocus.com/bid/64053	Trust: 0.6
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1

sources: OTHER: None // CNVD: CNVD-2013-14872 // VULHUB: VHN-67045 // JVNDB: JVNDB-2013-005508 // CNNVD: CNNVD-201312-053 // CNNVD: CNNVD-201312-178 // NVD: CVE-2013-7043

CREDITS

sajith

Trust: 0.9

sources: BID: 64053 // CNNVD: CNNVD-201312-053

SOURCES

db:	OTHER	id:	-
db:	CNVD	id:	CNVD-2013-14872
db:	VULHUB	id:	VHN-67045
db:	BID	id:	64053
db:	JVNDB	id:	JVNDB-2013-005508
db:	CNNVD	id:	CNNVD-201312-053
db:	CNNVD	id:	CNNVD-201312-178
db:	NVD	id:	CVE-2013-7043

LAST UPDATE DATE

2025-04-11T20:17:57.692000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-14872	date:	2013-12-05T00:00:00
db:	VULHUB	id:	VHN-67045	date:	2017-08-29T00:00:00
db:	BID	id:	64053	date:	2013-12-12T05:28:00
db:	JVNDB	id:	JVNDB-2013-005508	date:	2013-12-16T00:00:00
db:	CNNVD	id:	CNNVD-201312-053	date:	2013-12-05T00:00:00
db:	CNNVD	id:	CNNVD-201312-178	date:	2013-12-12T00:00:00
db:	NVD	id:	CVE-2013-7043	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-14872	date:	2013-12-05T00:00:00
db:	VULHUB	id:	VHN-67045	date:	2013-12-10T00:00:00
db:	BID	id:	64053	date:	2013-11-30T00:00:00
db:	JVNDB	id:	JVNDB-2013-005508	date:	2013-12-16T00:00:00
db:	CNNVD	id:	CNNVD-201312-053	date:	2013-11-30T00:00:00
db:	CNNVD	id:	CNNVD-201312-178	date:	2013-12-12T00:00:00
db:	NVD	id:	CVE-2013-7043	date:	2013-12-10T19:55:07.453