Page 2 of 9 results (0.002 seconds)

CVSS: 5.3EPSS: 0%CPEs: 11EXPL: 0

CVE-2017-9491

https://notcve.org/view.php?id=CVE-2017-9491

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware version DPC3941_2.5s3_PROD_sey); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices does not set the secure flag for cookies in an https session to an administration application, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session. El firmware Comcast en los dispositivos Cisco DPC3939 (versión de firmware dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (versión de firmware dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (versión de firmware dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (versión de firmware DPC3941_2.5s3_PROD_sey); y Arris TG1682G (eMTA & DOCSIS versión 10.0.132.SIP.PC20.CT, versión de software TG1682_2.2p7s2_PROD_sey), no establecen la flag secure para las cookies en una sesión https para una aplicación de administración, lo que hace más fácil para atacantes remotos capturar cookies interceptando su transmisión dentro de una sesión http. • https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-35.improper-cookie-flags.txt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 1

CVE-2017-9490

https://notcve.org/view.php?id=CVE-2017-9490

The Comcast firmware on Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices allows configuration changes via CSRF. El firmware Comcast en los dispositivos Arris TG1682G (eMTA & DOCSIS versión 10.0.132.SIP.PC20.CT, versión de software TG1682_2.2p7s2_PROD_sey), permite cambios de configuración por medio de un ataque de tipo CSRF. • https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-33.cross-site-request-forgery.txt • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 1

CVE-2017-9489

https://notcve.org/view.php?id=CVE-2017-9489

The Comcast firmware on Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST) devices allows configuration changes via CSRF. El firmware Comcast en los dispositivos Cisco DPC3939B (versión de firmware dpc3939b-v303r204217-150321a-CMCST), permite cambios en la configuración por medio de un ataque de tipo CSRF. • https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-33.cross-site-request-forgery.txt • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 6.5EPSS: 0%CPEs: 7EXPL: 2

CVE-2017-9476

https://notcve.org/view.php?id=CVE-2017-9476

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices makes it easy for remote attackers to determine the hidden SSID and passphrase for a Home Security Wi-Fi network. El firmware de Comcast en los dispositivos Cisco DPC3939 (versión de firmware dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (versión de firmware dpc3939-P20-18-v303r20421746-170221a-CMCST); y Arris TG1682G (eMTA&DOCSIS.CT versión 10.0.132.SIP.PC20.CT, versión de software TG1682_2.2p7s2_PROD_sey), facilitan a los atacantes remotos determinar el SSID oculto y la frase de contraseña para una red Wi-Fi de Home Security. • https://github.com/wiire-a/CVE-2017-9476 https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-18.home-security-wifi-network.txt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •