CVE-2023-27571 – Arris DG3450 AR01.02.056.18_041520_711.NCS.10 XSS / Missing Authentication
https://notcve.org/view.php?id=CVE-2023-27571
An issue was discovered in DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10. The troubleshooting_logs_download.php log file download functionality does not check the session cookie. Thus, an attacker can download all log files. Arris DG3450 cable gateway version AR01.02.056.18_041520_711.NCS.10 suffers from cross site scripting and missing authentication vulnerabilities. • https://sec-consult.com/en/vulnerability-lab/advisories/index.html https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-arris-dg3450-cable-gateway https://www.sec-consult.com/en/blog • CWE-306: Missing Authentication for Critical Function •
CVE-2023-27572 – Arris DG3450 AR01.02.056.18_041520_711.NCS.10 XSS / Missing Authentication
https://notcve.org/view.php?id=CVE-2023-27572
An issue was discovered in CommScope Arris DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10. A reflected XSS vulnerability was discovered in the https_redirect.php web page via the page parameter. Arris DG3450 cable gateway version AR01.02.056.18_041520_711.NCS.10 suffers from cross site scripting and missing authentication vulnerabilities. • https://sec-consult.com/en/vulnerability-lab/advisories/index.html https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-arris-dg3450-cable-gateway https://www.sec-consult.com/en/blog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •