Cross-Site Scripting Vulnerability in Cisco EPC3928 Management Interface
CVE-2015-6402

Currently unrated

Key Information:

Vendor: Cisco
Status: Epc3928 Docsis 3.0 8x4 Wireless Residential Gateway With Embedded Digital Voice Adapter
Vendor: CVE Published:; 14 December 2015

What is CVE-2015-6402?

A cross-site scripting vulnerability exists in the management interface of Cisco EPC3928 devices running specific EDVA versions. This flaw allows remote attackers to inject arbitrary web scripts or HTML, which may lead to unauthorized actions or disclosure of sensitive information. The issue is associated with an unspecified value in the management interface, making it crucial for organizations using these devices to implement proper security measures to mitigate potential attacks.

References

http://www.securitytracker.com/id/1034346

vdb-entryx_refsource_SECTRACK

https://www.exploit-db.com/exploits/39904/

exploitx_refsource_EXPLOIT-DB

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

EPSS Score

31% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 14, 2015
Vulnerability Reserved
Aug 17, 2015