Cisco EPC3925 – CSRF Vulnerability


The Cisco EPC3925 is a cable modem/router which is commonly used in the Netherlands by cable internet providers.

The following video demonstrates that the web interface of the Cisco EPC3925 is vulnerable to Cross-Site Request Forgery (CSRF).

In this attack scenario, the attacker changes the password to the administrative interface. An additional problem in this scenario is that the web interface does not require the old password before changing it.

CVE-ID: CVE-2013-6976
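
The two weaknesses described above (no CSRF protection on the password change, and no check of the old password) map to server-side checks that a password-change handler should perform. The following is an added example, not code from the original post or from the EPC3925 firmware; the names `AdminSession`, `change_password`, the form field names and the origin `http://router.example` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Hypothetical handler logic; it does not reflect how the EPC3925 firmware is built.

def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a password hash (PBKDF2-HMAC-SHA256) for storage and comparison."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AdminSession:
    """Server-side state for one logged-in administrator."""

    def __init__(self, salt: bytes, password_hash: bytes):
        self.salt = salt
        self.password_hash = password_hash
        # Unpredictable per-session token, embedded in the device's own forms.
        self.csrf_token = secrets.token_urlsafe(32)


def change_password(session, form, headers, expected_origin):
    """Return (status, reason); the password changes only if every check passes."""
    # 1. The request must come from the device's own web UI. A missing
    #    Origin header is rejected as well.
    if headers.get("Origin") != expected_origin:
        return 403, "bad origin"
    # 2. A page on another site cannot read the session's anti-CSRF token,
    #    so a forged form submission fails here.
    token = form.get("csrf_token", "")
    if not hmac.compare_digest(token.encode(), session.csrf_token.encode()):
        return 403, "bad csrf token"
    # 3. Require the current password, so that a valid session alone is not
    #    enough to take over the account.
    supplied = hash_password(form.get("old_password", ""), session.salt)
    if not hmac.compare_digest(supplied, session.password_hash):
        return 403, "old password incorrect"
    new_password = form.get("new_password", "")
    if len(new_password) < 12:
        return 400, "new password too short"
    session.password_hash = hash_password(new_password, session.salt)
    session.csrf_token = secrets.token_urlsafe(32)  # rotate after a sensitive change
    return 200, "password changed"
```

A request that carries only a new password, which is what the scenario above relies on, is rejected at the first or second check and leaves the stored hash unchanged.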

About the Author


Currently I am working as an Information Security Consultant & Project Manager at Comsec Consulting. I provide consulting in several areas of security including but not limited to: penetration testing, application vulnerability assessments, network vulnerability assessments, and wireless security. I also participate in PCI-DSS and PA-DSS certification projects.
