CVE-2013-7043

Name of the Vulnerable Software and Affected Versions Cisco Scientific Atlanta DPR2320R2 router version 2.0.2r1262-090417

Description The issue allows remote attackers to hijack the authentication of administrators for various requests, including changing a password via the Password parameter to "goform/RgSecurity" API endpoint, rebooting the device via the Restart parameter to "goform/restart" API endpoint, modifying Wi-Fi settings via the WpaPreSharedKey parameter to "goform/wlanSecurity" API endpoint, and modifying parental controls via the ParentalPassword parameter to "goform/RgParentalBasic" API endpoint.

Recommendations For Cisco Scientific Atlanta DPR2320R2 router version 2.0.2r1262-090417, consider disabling access to the "goform/RgSecurity", "goform/restart", "goform/wlanSecurity", and "goform/RgParentalBasic" API endpoints until a patch is available. Restrict the use of the Password, Restart, WpaPreSharedKey, and ParentalPassword parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.