// For flags

CVE-2014-3778

Motorola SBG901 Wireless Modem - Cross-Site Request Forgery

Severity Score

6.8
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Multiple cross-site request forgery (CSRF) vulnerabilities in goform/RgDdns in ARRIS (formerly Motorola) SBG901 SURFboard Wireless Cable Modem allow remote attackers to hijack the authentication of administrators for requests that (1) change the dns service via the DdnsService parameter, (2) change the username via the DdnsUserName parameter, (3) change the password via the DdnsPassword parameter, or (4) change the host name via the DdnsHostName parameter.

Múltiples vulnerabilidades de CSRF en goform/RgDdns en ARRIS (anteriormente Motorola) SBG901 SURFboard Wireless Cable Modem permiten a atacantes remotos secuestrar la autenticación de administradores para solicitudes que (1) cambian el servicio dns a través del parámetro DdnsService, (2) cambian el nombre de usuario a través del parámetro DdnsUserName, (3) cambian la contraseña a través del parámetro DdnsPassword o (4) cambian el nombre de anfitrión a través del parámetro DdnsHostName.

Motorola SBG901 wireless modem suffers from a cross site request forgery vulnerability.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-05-19 CVE Reserved
  • 2014-06-17 First Exploit
  • 2014-06-18 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-09-22 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (2)
URL Tag Source
URL Date SRC
https://www.exploit-db.com/exploits/33792 2014-06-17
http://www.exploit-db.com/exploits/33792 2024-08-06
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Commscope
Search vendor "Commscope"
 Arris Sbg901
Search vendor "Commscope" for product "Arris Sbg901"
--
Affected