CVE-2017-11589

CRITICAL

Cisco DDR2200/2201 - Info Disclosure

Description

On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is no access control for info.html, wancfg.cmd, rtroutecfg.cmd, arpview.cmd, cpuview.cmd, memoryview.cmd, statswan.cmd, statsatm.cmd, scsrvcntr.cmd, scacccntr.cmd, logview.cmd, voicesipview.cmd, usbview.cmd, wlmacflt.cmd, wlwds.cmd, wlstationlist.cmd, HPNAShow.cmd, HPNAView.cmd, qoscls.cmd, qosqueue.cmd, portmap.cmd, scmacflt.cmd, scinflt.cmd, scoutflt.cmd, certlocal.cmd, or certca.cmd.

References (1)

Core References
Mailing List, Third Party Advisory x_refsource_misc
http://seclists.org/fulldisclosure/2017/Jul/26

Scores

CVSS v3 9.8
EPSS 0.0139
EPSS Percentile 68.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-22
Status published
Products (2)
cisco/residential_gateway_firmware ddr2200b-na-annexa-fcc-v00.00.03.45.4e
cisco/residential_gateway_firmware ddr2201v1-na-annexa-fcc-v00.00.03.28.3
Published Jul 24, 2017
Tracked Since Feb 18, 2026