CVE-2017-9488

CWE-798 — Hard-coded Credentials3 documents3 sources

Severity

8.8HIGH

EPSS

0.3%

top 47.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Dpc3939 Firmware Cisco Dpc3941t Firmware

Timeline

PublishedJul 31

Latest updateMay 17

Description

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) and DPC3941T (firmware version DPC3941_2.5s3_PROD_sey) devices allows remote attackers to access the web UI by establishing a session to the wan0 WAN IPv6 address and then entering unspecified hardcoded credentials. This wan0 interface cannot be accessed from the public Internet.

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDcisco/dpc3939_firmwaredpc3939-p20-18-v303r20421746-170221a-cmcst

▶NVDcisco/dpc3941t_firmwaredpc3941_2.5s3_prod_sey

🔴Vulnerability Details

GHSA

GHSA-gcqq-7ff7-wh9p: The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) and DPC3941T (firmware version DPC3941_2↗2022-05-17

▶

CVEList

CVE-2017-9488: The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) and DPC3941T (firmware version DPC3941_2↗2017-07-31

▶