CVE-2017-9489Cross-Site Request Forgery in Cisco Dpc3939b Firmware

CWE-352Cross-Site Request Forgery3 documents3 sources
Severity
8.8HIGHNVD
EPSS
0.1%
top 66.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Dpc3939b FirmwareCommscope Arris Tg1682g Firmware
Timeline
PublishedJul 31
Latest updateMay 13

Description

The Comcast firmware on Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST) devices allows configuration changes via CSRF.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDcisco/dpc3939b_firmwaredpc3939b-v303r204217-150321a-cmcst
NVDcommscope/arris_tg1682g_firmware10.0.132.sip.pc20.ct, tg1682_2.2p7s2_prod_sey+1

🔴Vulnerability Details

2
GHSA
GHSA-2837-wh3m-xwh8: The Comcast firmware on Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST) devices allows configuration changes via CSRF2022-05-13
CVEList
CVE-2017-9489: The Comcast firmware on Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST) devices allows configuration changes via CSRF2017-07-31
CVE-2017-9489 — Cross-Site Request Forgery in Cisco | cvebase