Jeroen has reported a vulnerability in Cisco EPC3925, which can be exploited by malicious people to conduct cross-site request forgery attacks
You need to log in to the Secunia Community to view the full description of this advisory
If you are not a member of the Secunia community, you can sign up here for free.
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to email@example.com
Score: 0 Posts: 1 User Since: 18th Dec 2013 System Score: N/A Location: NL Last edited on 20th Dec, 2013 06:50
There is also Persistent Cross Site Scripting in the Cisco EPC3925. There is client-side input validation, which can - of course - easily bypassed. I have created a proof of concept that stores the payload in the DDNS section.