CVE-2014-2046 Information

Description

cgi-bin/rpcBridge in the web interface 1.1 on Broadcom Ltd PIPA C211 rev2 does not properly restrict access which allows remote attackers to (1) obtain credentials and other sensitive information via a certain request to the config.getValuesHashExcludePaths method or (2) modify the firmware via unspecified vectors.

Reference

http://seclists.org/fulldisclosure/2014/May/58 https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-2046/