// For flags

CVE-2017-9490

 

Severity Score

8.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The Comcast firmware on Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices allows configuration changes via CSRF.

El firmware Comcast en los dispositivos Arris TG1682G (eMTA & DOCSIS versión 10.0.132.SIP.PC20.CT, versión de software TG1682_2.2p7s2_PROD_sey), permite cambios de configuración por medio de un ataque de tipo CSRF.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-06-07 CVE Reserved
  • 2017-07-31 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
Dpc3939b Firmware
Search vendor "Cisco" for product "Dpc3939b Firmware"
dpc3939b-v303r204217-150321a-cmcst
Search vendor "Cisco" for product "Dpc3939b Firmware" and version "dpc3939b-v303r204217-150321a-cmcst"
-
Affected
in Cisco
Search vendor "Cisco"
Dpc3939b
Search vendor "Cisco" for product "Dpc3939b"
--
Safe
Arris
Search vendor "Arris"
Tg1682g Firmware
Search vendor "Arris" for product "Tg1682g Firmware"
10.0.132.sip.pc20.ct
Search vendor "Arris" for product "Tg1682g Firmware" and version "10.0.132.sip.pc20.ct"
-
Affected
in Commscope
Search vendor "Commscope"
Arris Tg1682g
Search vendor "Commscope" for product "Arris Tg1682g"
--
Safe
Arris
Search vendor "Arris"
Tg1682g Firmware
Search vendor "Arris" for product "Tg1682g Firmware"
tg1682_2.2p7s2_prod_sey
Search vendor "Arris" for product "Tg1682g Firmware" and version "tg1682_2.2p7s2_prod_sey"
-
Affected
in Commscope
Search vendor "Commscope"
Arris Tg1682g
Search vendor "Commscope" for product "Arris Tg1682g"
--
Safe