Description
cgi-bin/rpcBridge in the web interface 1.1 on Broadcom Ltd PIPA C211 rev2 does not properly restrict access, which allows remote attackers to (1) obtain credentials and other sensitive information via a certain request to the config.getValuesHashExcludePaths method or (2) modify the firmware via unspecified vectors.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Portcullis · text · webapps · hardware
https://www.exploit-db.com/exploits/33353
References (2)
Core References
Exploit x_refsource_misc
https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2046/
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/May/58
Scores
EPSS
0.1232
EPSS Percentile
93.9%
Details
CWE
CWE-310
Status
published
Products (2)
broadcom/pipa_c211
broadcom/pipa_c211_web_interface
1.1
Published
May 14, 2014
Tracked Since
Feb 18, 2026