Description
On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is no access control for info.html, wancfg.cmd, rtroutecfg.cmd, arpview.cmd, cpuview.cmd, memoryview.cmd, statswan.cmd, statsatm.cmd, scsrvcntr.cmd, scacccntr.cmd, logview.cmd, voicesipview.cmd, usbview.cmd, wlmacflt.cmd, wlwds.cmd, wlstationlist.cmd, HPNAShow.cmd, HPNAView.cmd, qoscls.cmd, qosqueue.cmd, portmap.cmd, scmacflt.cmd, scinflt.cmd, scoutflt.cmd, certlocal.cmd, or certca.cmd.
References (1)
Core 1
Core References
Mailing List, Third Party Advisory x_refsource_misc
http://seclists.org/fulldisclosure/2017/Jul/26
Scores
CVSS v3
9.8
EPSS
0.0139
EPSS Percentile
68.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-22
Status
published
Products (2)
cisco/residential_gateway_firmware
ddr2200b-na-annexa-fcc-v00.00.03.45.4e
cisco/residential_gateway_firmware
ddr2201v1-na-annexa-fcc-v00.00.03.28.3
Published
Jul 24, 2017
Tracked Since
Feb 18, 2026