CVE-2017-9490Cross-Site Request Forgery in Tg1682g Firmware

CWE-352Cross-Site Request Forgery3 documents3 sources
Severity
8.8HIGHNVD
EPSS
0.1%
top 66.96%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Arris Tg1682g FirmwareCisco Dpc3939b Firmware
Timeline
PublishedJul 31
Latest updateMay 17

Description

The Comcast firmware on Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices allows configuration changes via CSRF.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDarris/tg1682g_firmware10.0.132.sip.pc20.ct, tg1682_2.2p7s2_prod_sey+1
NVDcisco/dpc3939b_firmwaredpc3939b-v303r204217-150321a-cmcst

🔴Vulnerability Details

2
GHSA
GHSA-x23c-v5hm-x538: The Comcast firmware on Arris TG1682G (eMTA&DOCSIS version 102022-05-17
CVEList
CVE-2017-9490: The Comcast firmware on Arris TG1682G (eMTA&DOCSIS version 102017-07-31
CVE-2017-9490 — Cross-Site Request Forgery | cvebase