Authentication Bypass in Cisco EPC3928 Devices
CVE-2015-6401

Currently unrated

Key Information:

Vendor: Cisco
Status: Epc3928 Docsis 3.0 8x4 Wireless Residential Gateway With Embedded Digital Voice Adapter
Vendor: CVE Published:; 14 December 2015

Summary

The Cisco EPC3928 series devices running specific versions of the EDVA software allow remote attackers to bypass authentication mechanisms. This vulnerability can potentially enable unauthorized access to sensitive administrative functions, which could lead to security breaches. The affected software versions include 5.5.10, 5.5.11, and 5.7.1, where attackers can leverage crafted HTTP requests to exploit this flaw. Users are advised to implement mitigation strategies outlined by Cisco to protect their network infrastructure.

References

https://www.exploit-db.com/exploits/39904/

exploitx_refsource_EXPLOIT-DB

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id/1034347

vdb-entryx_refsource_SECTRACK

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 14, 2015
Vulnerability Reserved
Aug 17, 2015