CVE-2014-2046

Name of the Vulnerable Software and Affected Versions Broadcom Ltd PIPA C211 rev2 version 1.1

Description The issue is related to the cgi-bin/rpcBridge in the web interface, which does not properly restrict access. This allows remote attackers to obtain credentials and other sensitive information via a certain request to the config.getValuesHashExcludePaths method or modify the firmware via unspecified vectors.

Recommendations For version 1.1, consider restricting access to the cgi-bin/rpcBridge in the web interface until a patch is available. As a temporary workaround, avoid using the config.getValuesHashExcludePaths method to minimize the risk of exploitation.