CVE-2014-2046

Broadcom Ltd PIPA C211 rev2 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-2046. PoCs published by Portcullis.

AI-analyzed exploit summary This exploit demonstrates an unauthenticated information disclosure vulnerability in Broadcom PIPA C211 devices. By sending a crafted XML-RPC request to the `/cgi-bin/rpcBridge` endpoint, an attacker can retrieve sensitive system configuration, including administrative credentials and community strings.

Description

cgi-bin/rpcBridge in the web interface 1.1 on Broadcom Ltd PIPA C211 rev2 does not properly restrict access, which allows remote attackers to (1) obtain credentials and other sensitive information via a certain request to the config.getValuesHashExcludePaths method or (2) modify the firmware via unspecified vectors.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Portcullis · textwebappshardware
https://www.exploit-db.com/exploits/33353

This exploit demonstrates an unauthenticated information disclosure vulnerability in Broadcom PIPA C211 devices. By sending a crafted XML-RPC request to the `/cgi-bin/rpcBridge` endpoint, an attacker can retrieve sensitive system configuration, including administrative credentials and community strings.

Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Broadcom PIPA C211 (Soft Rev: SR1.1, HW Rev: PIPA C211 rev2)
No auth needed
Prerequisites: Network access to the target device's web interface
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Scores

EPSS 0.0382
EPSS Percentile 88.7%

Details

CWE
CWE-310
Status published
Products (2)
broadcom/pipa_c211
broadcom/pipa_c211_web_interface 1.1
Published May 14, 2014
Tracked Since Feb 18, 2026