CVE-2013-7043

Cisco Scientific Atlanta DPR2320R2 Firmware 2.0.2r1262-090417 - Cross-Site Request Forgery via Multiple Endpoints

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-7043. PoCs published by sajith.

AI-analyzed exploit summary This exploit demonstrates multiple CSRF vulnerabilities in the DPR2320R2 router, allowing an attacker to change authentication passwords, reboot the modem, modify wireless settings, and alter parental controls without user interaction.

Description

Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco Scientific Atlanta DPR2320R2 routers with software 2.0.2r1262-090417 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via the Password parameter to goform/RgSecurity; (2) reboot the device via the Restart parameter to goform/restart; (3) modify Wi-Fi settings, as demonstrated by the WpaPreSharedKey parameter to goform/wlanSecurity; or (4) modify parental controls via the ParentalPassword parameter to goform/RgParentalBasic.

Exploits (1)

exploitdb WORKING POC

by sajith · textwebappshardware

https://www.exploit-db.com/exploits/29927

View Code ZIP pw:eip

This exploit demonstrates multiple CSRF vulnerabilities in the DPR2320R2 router, allowing an attacker to change authentication passwords, reboot the modem, modify wireless settings, and alter parental controls without user interaction.

Classification

Working Poc 100%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Scientific-Atlanta DPR2320R2 v2.0.2r1262-090417

No auth needed

Prerequisites: Victim must be authenticated to the router's web interface · Attacker must lure victim to a malicious webpage

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/89654

Exploit, VDB Entry exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/29927/

Scores

EPSS 0.0207

EPSS Percentile 79.0%

Details

CWE

CWE-352

Status published

Products (4)

cisco/scientific_atlanta__dpr2325

cisco/scientific_atlanta__dpr2325_firmware 2.0.2 r1262-090417

cisco/scientific_atlanta__dpr\/epr2320

cisco/scientific_atlanta__dpr\/epr2320_firmware 2.0.2 r1262-090417

Published Dec 10, 2013

Tracked Since Feb 18, 2026