VYPR
← All advisories
Unrated severityNVD Advisory· Published Jul 18, 2014· Updated May 6, 2026

CVE-2014-3306

CVE-2014-3306

Description

Unauthenticated remote attackers can execute arbitrary code on multiple Cisco Wireless Residential Gateway products via a crafted HTTP request.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Unauthenticated remote attackers can execute arbitrary code on multiple Cisco Wireless Residential Gateway products via a crafted HTTP request.

Vulnerability

A buffer overflow vulnerability exists in the web server of multiple Cisco Wireless Residential Gateway products, including DPC3010, DPC3212, DPC3825, DPC3925, DPQ3925, EPC3010, EPC3212, EPC3825, and EPC3925. The flaw is due to improper input validation of HTTP requests. Affected devices run software based on BFC 5.5.2 or older [1].

Exploitation

An unauthenticated remote attacker can exploit this vulnerability by sending a crafted HTTP request to the affected device. No authentication or prior access is required [1].

Impact

Successful exploitation allows arbitrary code execution on the device, giving the attacker full control over the gateway [1].

Mitigation

Cisco has released software updates based on BFC 5.5.3 that address this vulnerability. No workarounds are available. Customers should upgrade to BFC 5.5.3 or later [1].

References
  1. Cisco Security Advisory: Cisco Wireless Residential Gateway Remote Code Execution Vulnerability

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

10

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.