Lack of Access Control for Multiple Commands on Cisco DDR2200 and DDR2201v1 ADSL2+ Residential Gateways

Lack of Access Control for Multiple Commands on Cisco DDR2200 and DDR2201v1 ADSL2+ Residential Gateways

CVE-2017-11589 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is no access control for info.html, wancfg.cmd, rtroutecfg.cmd, arpview.cmd, cpuview.cmd, memoryview.cmd, statswan.cmd, statsatm.cmd, scsrvcntr.cmd, scacccntr.cmd, logview.cmd, voicesipview.cmd, usbview.cmd, wlmacflt.cmd, wlwds.cmd, wlstationlist.cmd, HPNAShow.cmd, HPNAView.cmd, qoscls.cmd, qosqueue.cmd, portmap.cmd, scmacflt.cmd, scinflt.cmd, scoutflt.cmd, certlocal.cmd, or certca.cmd.

Learn more about our Cis Benchmark Audit For Cisco.