CVE-2010-2025

Cisco Scientific Atlanta WebSTAR DPC2100R2 - Cross-Site Request Forgery

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-2025. PoCs published by Dan Rosenberg.

AI-analyzed exploit summary This HTML-based PoC exploits a CSRF vulnerability in Cisco DPC2100 modems, allowing attackers to change the access level to '0' (highest privilege) by submitting a crafted form to the device's management interface. The exploit leverages a default password ('W2402') and requires the victim to visit the malicious page while authenticated on the target network.

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allow remote attackers to hijack the authentication of administrators for requests that (1) reset the modem, (2) erase the firmware, (3) change the administrative password, (4) install modified firmware, or (5) change the access level, as demonstrated by a request to goform/_aslvl.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Dan Rosenberg · htmlremotehardware

https://www.exploit-db.com/exploits/34033

View Code ZIP pw:eip

This HTML-based PoC exploits a CSRF vulnerability in Cisco DPC2100 modems, allowing attackers to change the access level to '0' (highest privilege) by submitting a crafted form to the device's management interface. The exploit leverages a default password ('W2402') and requires the victim to visit the malicious page while authenticated on the target network.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Cisco DPC2100 (firmware prior to 2.0.2.r1256-100324as)

No auth needed

Prerequisites: Victim must be on the same network as the target modem · Victim must visit the malicious HTML page · Target modem must use default password 'W2402'

MITRE ATT&CK

T1189 - Drive-by Compromise T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit mailing-list x_refsource_fulldisc

http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0322.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/40346

Scores

EPSS 0.0208

EPSS Percentile 79.0%

Details

CWE

CWE-352

Status published

Products (1)

cisco/scientific_atlanta_webstar_dpc2100r2 2.0.2r1256-060303

Published May 26, 2010

Tracked Since Feb 18, 2026