A vulnerability with web interface access authentication of the Cisco EPC3928 Wireless Residential Gateway could allow an unauthenticated, remote attacker to issue a subset of commands as the administrator without authenticating to the device.

The vulnerability is due to lack of authentication required for certain administrative functions through the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the device. An exploit could allow the attacker to execute a subset of administrator functions without being authenticated.

Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151208-cwr

Leave a Reply