CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 3CVE-2023-27571 – Arris DG3450 AR01.02.056.18_041520_711.NCS.10 XSS / Missing Authentication
https://notcve.org/view.php?id=CVE-2023-27571
07 Mar 2023 — An issue was discovered in DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10. The troubleshooting_logs_download.php log file download functionality does not check the session cookie. Thus, an attacker can download all log files. Arris DG3450 cable gateway version AR01.02.056.18_041520_711.NCS.10 suffers from cross site scripting and missing authentication vulnerabilities. • https://packetstorm.news/files/id/171283 • CWE-306: Missing Authentication for Critical Function •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 3CVE-2023-27572 – Arris DG3450 AR01.02.056.18_041520_711.NCS.10 XSS / Missing Authentication
https://notcve.org/view.php?id=CVE-2023-27572
07 Mar 2023 — An issue was discovered in CommScope Arris DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10. A reflected XSS vulnerability was discovered in the https_redirect.php web page via the page parameter. Arris DG3450 cable gateway version AR01.02.056.18_041520_711.NCS.10 suffers from cross site scripting and missing authentication vulnerabilities. • https://packetstorm.news/files/id/171283 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •