Details of VAR-201407-0370

ID

VAR-201407-0370

CVE

CVE-2014-3306

TITLE

plural Cisco Run on product Web Vulnerability in arbitrary code execution on server

Trust: 0.8

sources: JVNDB: JVNDB-2014-003477

DESCRIPTION

The web server on Cisco DPC3010, DPC3212, DPC3825, DPC3925, DPQ3925, EPC3010, EPC3212, EPC3825, and EPC3925 Wireless Residential Gateway products allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCup40808. The Cisco Wireless Residential Gateway is the device for the associated wireless home gateway. Attackers can exploit this issue to inject arbitrary commands and execute arbitrary code with elevated privileges. Failed exploit attempts will crash the web server, denying service to legitimate users. This issue is being tracked by Cisco bug ID CSCup40808. Cisco DPC3010, etc. The following products are affected: Cisco DPC3010, DPC3212, DPC3825, DPC3925, DPQ3925, EPC3010, EPC3212, EPC3825, EPC3925

Trust: 2.52

sources: NVD: CVE-2014-3306 // JVNDB: JVNDB-2014-003477 // CNVD: CNVD-2014-04382 // BID: 68673 // VULHUB: VHN-71246

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-04382

AFFECTED PRODUCTS

vendor:	cisco	model:	dpc3010	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	epc3925	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	dpq3925	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	dpc3925	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	dpc3212	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	dpc3825	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	epc3010	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	epc3212	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	epc3825	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	dpc3212 voip cable modem	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	dpc3825 8x4 docsis 3.0 wireless residential gateway	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	epc3212 voip cable modem	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	epc3825 8x4 docsis 3.0 wireless residential gateway	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	model dpc3010 docsis 3.0 8x4 cable modem	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	model dpc3925 8x4 docsis 3.0 with wireless residential gateway with edva	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	model dpq3925 8x4 docsis 3.0 wireless residential gateway with edva	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	model epc3010 docsis 3.0 cable modem	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	model epc3925 8x4 docsis 3.0 with wireless residential gateway with edva	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	wireless residential gateway	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2014-04382 // JVNDB: JVNDB-2014-003477 // CNNVD: CNNVD-201407-469 // NVD: CVE-2014-3306

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3306
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-3306
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2014-04382
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201407-469
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-71246
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-3306
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-04382
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-71246
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-04382 // VULHUB: VHN-71246 // JVNDB: JVNDB-2014-003477 // CNNVD: CNNVD-201407-469 // NVD: CVE-2014-3306

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-71246 // JVNDB: JVNDB-2014-003477 // NVD: CVE-2014-3306

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201407-469

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201407-469

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003477

PATCH

title:	ciscosa-20140716-cm	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ciscosa-20140716-cm	Trust: 0.8
title:	34895	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=34895	Trust: 0.8
title:	ciscosa-20140716-cm	url:	http://www.cisco.com/cisco/web/support/JP/112/1122/1122791_ciscosa-20140716-cm-j.html	Trust: 0.8
title:	Patch for remote code execution vulnerabilities in multiple Cisco Wireless Residential Gateway products	url:	https://www.cnvd.org.cn/patchInfo/show/47703	Trust: 0.6

sources: CNVD: CNVD-2014-04382 // JVNDB: JVNDB-2014-003477

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3306	Trust: 3.4
db:	SECTRACK	id:	1030598	Trust: 1.1
db:	SECTRACK	id:	1030599	Trust: 1.1
db:	BID	id:	68673	Trust: 1.0
db:	JVNDB	id:	JVNDB-2014-003477	Trust: 0.8
db:	CNNVD	id:	CNNVD-201407-469	Trust: 0.7
db:	CNVD	id:	CNVD-2014-04382	Trust: 0.6
db:	VULHUB	id:	VHN-71246	Trust: 0.1

sources: CNVD: CNVD-2014-04382 // VULHUB: VHN-71246 // BID: 68673 // JVNDB: JVNDB-2014-003477 // CNNVD: CNNVD-201407-469 // NVD: CVE-2014-3306

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/ciscosa-20140716-cm	Trust: 1.7
url:	http://www.securitytracker.com/id/1030598	Trust: 1.1
url:	http://www.securitytracker.com/id/1030599	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3306	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3306	Trust: 0.8
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=34895	Trust: 0.6
url:	www.cisco.com	Trust: 0.3

sources: CNVD: CNVD-2014-04382 // VULHUB: VHN-71246 // BID: 68673 // JVNDB: JVNDB-2014-003477 // CNNVD: CNNVD-201407-469 // NVD: CVE-2014-3306

CREDITS

Chris Watts of Tech Analysis

Trust: 0.3

sources: BID: 68673

SOURCES

db:	CNVD	id:	CNVD-2014-04382
db:	VULHUB	id:	VHN-71246
db:	BID	id:	68673
db:	JVNDB	id:	JVNDB-2014-003477
db:	CNNVD	id:	CNNVD-201407-469
db:	NVD	id:	CVE-2014-3306

LAST UPDATE DATE

2025-04-13T23:35:14.892000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-04382	date:	2014-07-21T00:00:00
db:	VULHUB	id:	VHN-71246	date:	2017-01-12T00:00:00
db:	BID	id:	68673	date:	2014-07-16T00:00:00
db:	JVNDB	id:	JVNDB-2014-003477	date:	2014-07-22T00:00:00
db:	CNNVD	id:	CNNVD-201407-469	date:	2014-07-22T00:00:00
db:	NVD	id:	CVE-2014-3306	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-04382	date:	2014-07-21T00:00:00
db:	VULHUB	id:	VHN-71246	date:	2014-07-18T00:00:00
db:	BID	id:	68673	date:	2014-07-16T00:00:00
db:	JVNDB	id:	JVNDB-2014-003477	date:	2014-07-22T00:00:00
db:	CNNVD	id:	CNNVD-201407-469	date:	2014-07-22T00:00:00
db:	NVD	id:	CVE-2014-3306	date:	2014-07-18T00:55:04.830