CVE-2010-2025
Published 2010-05-26
Priority P339 · medium · 6.8 · CVSS 2.0
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.08% (79.1th percentile)
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allow remote attackers to hijack the authentication of administrators for requests that (1) reset the modem, (2) erase the firmware, (3) change the administrative password, (4) install modified firmware, or (5) change the access level, as demonstrated by a request to goform/_aslvl.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | scientific_atlanta_webstar_dpc2100r2 | — | — |
CVSS provenance
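| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| cisa | — | 9.8 | CRITICAL | — |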
GHSA
GHSA-88w8-8vj6-f5c6: Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with fir
ghsa_unreviewed·2022-05-17
CVE-2010-2025 [MEDIUM] CWE-352 GHSA-88w8-8vj6-f5c6: Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with fir
CISA
Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability
cisa·2025-10-06·CVSS 8.1
CVE-2010-3962 [HIGH] Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability
Vulnerability: Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability
Affected: Microsoft Internet Explorer
Microsoft Internet Explorer contains an uninitialized memory corruption vulnerability that could allow for remote code execution. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes: https://learn.microsoft.com/en-us/security-updates/SecurityAdvisories/2010/2458511?redirectedfrom=MSDN ; https://nvd.nist.gov/vuln/detail/CVE-2010-3962
Remediation Due Date: 2025-10-27
CISA
Mozilla Multiple Products Remote Code Execution Vulnerability
cisa·2025-10-06·CVSS 9.8
CVE-2010-3765 [CRITICAL] Mozilla Multiple Products Remote Code Execution Vulnerability
Vulnerability: Mozilla Multiple Products Remote Code Execution Vulnerability
Affected: Mozilla Multiple Products
Mozilla Firefox, SeaMonkey, and Thunderbird contain an unspecified vulnerability when JavaScript is enabled. This allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption.
Required Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes: https://www.mozilla.org/en-US/security/advisories/mfsa2010-73 ; https://nvd.nist.gov/vuln/detail/CVE-2010-3765
Remediation Due Date: 2025-10-27
Citrix
Citrix Security Bulletin CTX125976
vendor_citrix·CVSS 9.3
CVE-2010-2991 [CRITICAL] Citrix Security Bulletin CTX125976
CVE References: CVE-2010-2991, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
Citrix
Citrix Security Bulletin CTX127541
vendor_citrix·CVSS 4.3
CVE-2010-4515 [MEDIUM] Citrix Security Bulletin CTX127541
CVE References: CVE-2010-4515, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
Citrix
Citrix Security Bulletin CTX125319
vendor_citrix·CVSS 1.9
CVE-2010-2619 [LOW] Citrix Security Bulletin CTX125319
CVE References: CVE-2010-2619, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
Citrix
Citrix Security Bulletin CTX125975
vendor_citrix·CVSS 9.3
CVE-2010-2990 [CRITICAL] Citrix Security Bulletin CTX125975
CVE References: CVE-2010-2990, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
Citrix
Citrix Security Bulletin CTX127613
vendor_citrix·CVSS 9.3
CVE-2010-4566 [CRITICAL] Citrix Security Bulletin CTX127613
CVE References: CVE-2010-4566, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
Citrix
Citrix Security Bulletin CTX123193
vendor_citrix·CVSS 4.6
CVE-2010-0633 [MEDIUM] Citrix Security Bulletin CTX123193
CVE References: CVE-2010-0633, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
Citrix
Citrix Security Bulletin CTX123456
vendor_citrix·CVSS 4.6
CVE-2010-0633 [MEDIUM] Citrix Security Bulletin CTX123456
CVE References: CVE-2010-0633, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
Citrix
Citrix Security Bulletin CTX123460
vendor_citrix·CVSS 4.6
CVE-2010-0633 [MEDIUM] Citrix Security Bulletin CTX123460
CVE References: CVE-2010-0633, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
No detection rules found.
Exploit-DB
Cisco DPC2100 2.0.2 r1256-060303 - Multiple Security Bypass / Cross-Site Request Forgery Vulnerabilities
exploitdb·2010-05-24
CVE-2010-2025 Cisco DPC2100 2.0.2 r1256-060303 - Multiple Security Bypass / Cross-Site Request Forgery Vulnerabilities
---
source: https://www.securityfocus.com/bid/40346/info
Cisco DPC2100 (formerly Scientific Atlanta DPC2100) is prone to multiple security-bypass and cross-site request-forgery vulnerabilities.
Successful exploits may allow attackers to run privileged commands on the affected device, change configuration settings, modify device firmware, cause denial-of-service conditions, or inject arbitrary script code. Other attacks are also possible.
Firmware versions prior to 2.0.2.r1256-100324as are vulnerable.
Test for CSRF vulnerability in WebSTAR modems document.csrf.submit()
Nuclei
WordPress JobWP Plugin <= 2.3.9 - SQL Injection
nuclei·CVSS 7.5
CVE-2025-2010 [HIGH] WordPress JobWP Plugin <= 2.3.9 - SQL Injection
WordPress JobWP Plugin =7'
- "status_code == 200"
- "contains_all(body, 'jobwp-', 'apply-')"
condition: and
Tenable
Tenable Black Hat USA 2010 Party !
blogs_tenable·2010-06-25·CVSS 5.3
[MEDIUM] Tenable Black Hat USA 2010 Party !
# Tenable Black Hat USA 2010 Party !
Ron Gula
June 25, 2010
Attending Black Hat USA 2010? Tenable Network Security appreciates our customers and Nessus users and would like to invite you to a party at Margaritaville, across the street from Caesar's Palace. The first 100 people at the door will receive a Tenable Nessus Hawaiian shirt as well as a Nessus Cigar!
- Wednesday July 28th - 8:00 PM to 10:00 PM
- Quick walk from Caesars Palace
- Meet and greet Tenable staff including Tenable CEO Ron Gula, Product Evangelist Paul Asadoorian and our Black Hat and Defcon speakers.
- Pre-Register at http://www.tenable.com/bhparty2010/
Zscaler
CVE-2010-0806 Exploit In The Wild | Zscaler
blogs_zscaler·2010-04-06·CVSS 9.3
[CRITICAL] CVE-2010-0806 Exploit In The Wild | Zscaler