← Back

CVE-2013-7043

nvd nist
Published: Dec 10, 2013Modified: Apr 29, 2026

JSON object

Loading...
8.3
Vector
AV:N/AC:M/Au:N/C:P/I:P/A:C
Exploitability: 8.6 / Impact: 8.5
Source: NVD

Description

Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Scientific Atlanta DPR2320R2 routers with software 2.0.2r1262-090417 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via the Password parameter to goform/RgSecurity; (2) reboot the device via the Restart parameter to goform/restart; (3) modify Wi-Fi settings, as demonstrated by the WpaPreSharedKey parameter to goform/wlanSecurity; or (4) modify parental controls via the ParentalPassword parameter to goform/RgParentalBasic.

Affected (4)

Cisco
4 products
Scientific Atlanta Dpr/epr2320 Firmware
Scientific Atlanta Dpr/epr2320
Scientific Atlanta Dpr2325 Firmware
Scientific Atlanta Dpr2325
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Scientific Atlanta Dpr/epr2320 Firmware
Version 2.0.2 r1262-090417
Scientific Atlanta Dpr/epr2320
All versions
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Scientific Atlanta Dpr2325 Firmware
Version 2.0.2 r1262-090417
Scientific Atlanta Dpr2325
All versions

Related CWEs

CWE-352
Cross-Site Request Forgery (CSRF)
The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

Source: cve@mitre.org
ExploitVDB Entry
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.