CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 1CVE-2017-9489
https://notcve.org/view.php?id=CVE-2017-9489
The Comcast firmware on Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST) devices allows configuration changes via CSRF. El firmware Comcast en los dispositivos Cisco DPC3939B (versión de firmware dpc3939b-v303r204217-150321a-CMCST), permite cambios en la configuración por medio de un ataque de tipo CSRF. • https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-33.cross-site-request-forgery.txt • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 2CVE-2017-9476
https://notcve.org/view.php?id=CVE-2017-9476
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices makes it easy for remote attackers to determine the hidden SSID and passphrase for a Home Security Wi-Fi network. El firmware de Comcast en los dispositivos Cisco DPC3939 (versión de firmware dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (versión de firmware dpc3939-P20-18-v303r20421746-170221a-CMCST); y Arris TG1682G (eMTA&DOCSIS.CT versión 10.0.132.SIP.PC20.CT, versión de software TG1682_2.2p7s2_PROD_sey), facilitan a los atacantes remotos determinar el SSID oculto y la frase de contraseña para una red Wi-Fi de Home Security. • https://github.com/wiire-a/CVE-2017-9476 https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-18.home-security-wifi-network.txt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 2CVE-2014-3778 – Motorola SBG901 Wireless Modem - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2014-3778
Multiple cross-site request forgery (CSRF) vulnerabilities in goform/RgDdns in ARRIS (formerly Motorola) SBG901 SURFboard Wireless Cable Modem allow remote attackers to hijack the authentication of administrators for requests that (1) change the dns service via the DdnsService parameter, (2) change the username via the DdnsUserName parameter, (3) change the password via the DdnsPassword parameter, or (4) change the host name via the DdnsHostName parameter. Múltiples vulnerabilidades de CSRF en goform/RgDdns en ARRIS (anteriormente Motorola) SBG901 SURFboard Wireless Cable Modem permiten a atacantes remotos secuestrar la autenticación de administradores para solicitudes que (1) cambian el servicio dns a través del parámetro DdnsService, (2) cambian el nombre de usuario a través del parámetro DdnsUserName, (3) cambian la contraseña a través del parámetro DdnsPassword o (4) cambian el nombre de anfitrión a través del parámetro DdnsHostName. Motorola SBG901 wireless modem suffers from a cross site request forgery vulnerability. • https://www.exploit-db.com/exploits/33792 http://www.exploit-db.com/exploits/33792 • CWE-352: Cross-Site Request Forgery (CSRF) •