Cross-Site Request Forgery Vulnerability in Cisco EPC3925 Devices
CVE-2013-6976
Currently unrated
Summary
Cisco EPC3925 devices are vulnerable to cross-site request forgery (CSRF) through the goform/Quick_setup functionality. The flaw allows remote attackers to abuse the authentication of administrators, potentially enabling them to change passwords without authorization. Through specially crafted requests, an attacker could manipulate the Password and PasswordReEnter parameters, leading to unauthorized access to and control of the device settings. Effective mitigation measures should be implemented to safeguard against such attacks.
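For defenders reviewing proxy or packet captures, the following added example (not part of the original advisory and not Cisco code) classifies requests to goform/Quick_setup that carry the password parameters by whether their Origin or Referer header points at the device itself. The device address, the POST method, the form encoding and the sample requests are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: address(es) at which the gateway's admin UI is reachable.
DEVICE_HOSTS = {"192.168.0.1"}
TARGET_PATH = "/goform/quick_setup"          # compared case-insensitively
PASSWORD_PARAMS = {"Password", "PasswordReEnter"}

def classify(raw_request, device_hosts=DEVICE_HOSTS):
    """Return None if the request is not a password change on Quick_setup,
    otherwise 'same-site', 'cross-site' or 'no-origin'."""
    head, _, body = raw_request.partition("\r\n\r\n")
    lines = head.split("\r\n")
    try:
        _method, target, _version = lines[0].split(" ", 2)
    except ValueError:
        return None                           # malformed request line
    url = urlsplit(target)
    if url.path.rstrip("/").lower() != TARGET_PATH:
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    # Parameters may arrive in the query string or a form-encoded body.
    params = parse_qs(url.query, keep_blank_values=True)
    params.update(parse_qs(body, keep_blank_values=True))
    if not PASSWORD_PARAMS & params.keys():   # either parameter is enough to flag
        return None
    source = headers.get("origin") or headers.get("referer")
    if not source:
        return "no-origin"                    # cannot tell; review manually
    # An opaque origin ("null") has no hostname and is treated as cross-site.
    host = urlsplit(source).hostname
    return "same-site" if host in device_hosts else "cross-site"

# Constructed sample requests (not captured traffic).
FORM = "Content-Type: application/x-www-form-urlencoded\r\n\r\nPassword=REDACTED&PasswordReEnter=REDACTED"
SAMPLE_CROSS = ("POST /goform/Quick_setup HTTP/1.1\r\nHost: 192.168.0.1\r\n"
                "Origin: http://other-site.example\r\n" + FORM)
SAMPLE_SAME = ("POST /goform/Quick_setup HTTP/1.1\r\nHost: 192.168.0.1\r\n"
               "Referer: http://192.168.0.1/\r\n" + FORM)
SAMPLE_NO_ORIGIN = "POST /goform/Quick_setup HTTP/1.1\r\nHost: 192.168.0.1\r\n" + FORM
SAMPLE_OTHER = "GET /index.html HTTP/1.1\r\nHost: 192.168.0.1\r\n\r\n"

if __name__ == "__main__":
    for name in ("SAMPLE_CROSS", "SAMPLE_SAME", "SAMPLE_NO_ORIGIN", "SAMPLE_OTHER"):
        print(name, "->", classify(globals()[name]))
```

A 'cross-site' verdict on a request sent while an administrator was logged in to the device is the pattern this CVE describes; 'no-origin' results need manual review because the initiating page cannot be determined from the request alone.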