A vulnerability in the HTTP server on the Cisco Model DPQ3925 8×4 DOCSIS 3.0 Wireless Residential Gateway with Embedded Digital Voice Adapter (EDVA) could allow an unauthenticated, remote attacker to access sensitive information located on the device.
The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. An exploit could allow the attacker to access sensitive information from the device.
Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
This vulnerability was reported to Cisco by Chris Watts of Tech Analysis. Cisco would like to thank him for reporting this issue to Cisco PSIRT.
This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151217-gateway