Vulnerabilities > CVE-2013-7136 - Cryptographic Issues vulnerability in UPC Ireland Cisco Epc2425

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
upc
CWE-310
critical
exploit available

Summary

The UPC Ireland Cisco EPC 2425 router (aka Horizon Box) does not have a sufficiently large number of possible WPA-PSK passphrases, which makes it easier for remote attackers to obtain access via a brute-force attack.

Vulnerable Configurations

Part Description Count
Hardware
Upc
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Exploit-Db

descriptionUPC Ireland Cisco EPC 2425 Router / Horizon Box. CVE-2013-7136. Webapps exploit for hardware platform
fileexploits/hardware/webapps/30358.txt
idEDB-ID:30358
last seen2016-02-03
modified2013-12-16
platformhardware
port
published2013-12-16
reporterMatt O'Connor
sourcehttps://www.exploit-db.com/download/30358/
titleUPC Ireland Cisco EPC 2425 Router / Horizon Box
typewebapps