CVE-2016-1337

HIGH

Cisco EPC3928 Firmware - Unauthenticated Sensitive Information Exposure via Boot Process Requests

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-1337. PoCs published by Patryk Bogdan.

AI-analyzed exploit summary This PoC demonstrates multiple vulnerabilities in Cisco EPC3928, including unauthorized command execution, XSS (stored and reflective), DoS, and information disclosure. It provides HTTP requests to exploit these flaws, confirming their validity.

Description

Cisco EPC3928 devices allow remote attackers to obtain sensitive configuration and credential information by making requests during the early part of the boot process, related to a "Boot Information Disclosure" issue, aka Bug ID CSCux17178.

Exploits (1)

exploitdb WORKING POC

by Patryk Bogdan · textwebappsasp

https://www.exploit-db.com/exploits/39904

View Code ZIP pw:eip

This PoC demonstrates multiple vulnerabilities in Cisco EPC3928, including unauthorized command execution, XSS (stored and reflective), DoS, and information disclosure. It provides HTTP requests to exploit these flaws, confirming their validity.

Classification

Working Poc 95%

Attack Type

Xss | Dos | Info Leak | Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Cisco Model EPC3928 DOCSIS 3.0 8x4 Wireless Residential Gateway

No auth needed

Prerequisites: Network access to the vulnerable device

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/538627/100/0/threaded

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/91541

Exploit, URL Repurposed x_refsource_misc

http://secorda.com/multiple-security-vulnerabilities-affecting-cisco-epc3928/

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/39904/

Scores

CVSS v3 8.1

EPSS 0.0457

EPSS Percentile 90.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-200 CWE-264

Status published

Products (1)

cisco/epc3928_firmware

Published Jul 03, 2016

Tracked Since Feb 18, 2026