CVE-2016-1327
published 2016-03-09

Priority: P264, critical, 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 6.85% (93.2th percentile)

Buffer overflow in the web server on Cisco DPC2203 and EPC2203 devices with firmware r1_customer_image allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCuv05935.

Affected

3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cable_modem_with_digital_voice | | |
| cisco | dpc2203_cable_modem_firmware | | |
| cisco | epc2203_cable_modem_firmware | | |

Detection & IOCs (extracted from sources)

  • Detect crafted HTTP requests targeting the Cisco DPC2203/EPC2203 web server; any malformed or oversized HTTP request to the device's web interface should be flagged as a potential exploitation attempt of this buffer overflow.
  • The vulnerability is exploitable by unauthenticated remote attackers, so monitor for unexpected or anomalous HTTP traffic directed at Cisco DPC2203/EPC2203 cable modem web interfaces from external/untrusted sources.
  • Flag devices running firmware version 'r1_customer_image' on Cisco DPC2203 or EPC2203 as vulnerable and prioritize for patching or network isolation.
  • No workarounds are available for this vulnerability; remediation requires a firmware update distributed through the service provider, not directly from Cisco.
  • Customers must contact their service providers (not Cisco TAC directly) to obtain the patched firmware, as updates are released to service providers.

CVSS provenance

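| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| vendor_cisco | | 10.0 | CRITICAL | |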