CVE-2017-9488

Опубликовано: 31 июл. 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 5.8

EPSS Низкий

Описание

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) and DPC3941T (firmware version DPC3941_2.5s3_PROD_sey) devices allows remote attackers to access the web UI by establishing a session to the wan0 WAN IPv6 address and then entering unspecified hardcoded credentials. This wan0 interface cannot be accessed from the public Internet.

Ссылки

https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-31.stb-remote-webui.txt
Exploit
Third Party Advisory
https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-31.stb-remote-webui.txt
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:cisco:dpc3939_firmware:dpc3939-p20-18-v303r20421746-170221a-cmcst:*:*:*:*:*:*:*

cpe:2.3:h:cisco:dpc3939:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:cisco:dpc3941t_firmware:dpc3941_2.5s3_prod_sey:*:*:*:*:*:*:*

cpe:2.3:h:cisco:dpc3941t:-:*:*:*:*:*:*:*

EPSS

Процентиль: 52%

0.00296

Низкий

8.8 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-798

Связанные уязвимости

GHSA-gcqq-7ff7-wh9p