PT-2010-3644 · Cisco · Cisco Scientific Atlanta Webstar Dpc2100R2

Published: 2010-05-26 · Updated: 2010-05-27 · CVE-2010-2025

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem version 2.0.2r1256-060303

Description

The issue affects the web interface of the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem, allowing remote attackers to hijack the authentication of administrators. This can lead to various malicious actions, including resetting the modem, erasing the firmware, changing the administrative password, installing modified firmware, or changing the access level. For example, an attacker could send a request to the /goform/ aslvl endpoint to change the access level.

Recommendations

For Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem version 2.0.2r1256-060303, consider restricting access to the web interface until a fix is available. As a temporary workaround, avoid using the web interface for sensitive operations, such as changing the administrative password or installing firmware, until the issue is resolved.

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2010-2025

Affected Products

Cisco Scientific Atlanta Webstar Dpc2100R2