CVE-2013-7136

UPC Ireland Cisco EPC 2425 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-7136. PoCs published by Matt O'Connor.

AI-analyzed exploit summary This is a writeup detailing a vulnerability in UPC Ireland Cisco EPC 2425 routers where the WPA-PSK passphrase is susceptible to an offline dictionary attack due to its predictable 8-character uppercase-only format. The document describes the methodology and hardware used to crack the password within 30 days.

Description

The UPC Ireland Cisco EPC 2425 router (aka Horizon Box) does not have a sufficiently large number of possible WPA-PSK passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack.

Exploits (1)

exploitdb WRITEUP
by Matt O'Connor · textwebappshardware
https://www.exploit-db.com/exploits/30358

This is a writeup detailing a vulnerability in UPC Ireland Cisco EPC 2425 routers where the WPA-PSK passphrase is susceptible to an offline dictionary attack due to its predictable 8-character uppercase-only format. The document describes the methodology and hardware used to crack the password within 30 days.

Classification
Writeup 100%
Attack Type
Other
Complexity
Moderate
Reliability
Theoretical
Target: Cisco EPC 2425 / Horizon Box
No auth needed
Prerequisites: WPA-PSK handshake capture · dictionary files generated with mask processor · GPU-based cracking hardware
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/90133
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/30358/

Scores

EPSS 0.0416
EPSS Percentile 89.6%

Details

CWE
CWE-310
Status published
Products (1)
upc/ireland_cisco_epc2425
Published Dec 19, 2013
Tracked Since Feb 18, 2026