Описание
An issue was discovered on Virgin Media Super Hub 3 (based on ARRIS TG2492) devices. Because their SNMP commands have insufficient protection mechanisms, it is possible to use JavaScript and DNS rebinding to leak the WAN IP address of a user (if they are using certain VPN implementations, this would decloak them).
Ссылки
- ExploitThird Party Advisory
- Third Party Advisory
- ExploitThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:virginmedia:super_hub_3_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:virginmedia:super_hub_3:-:*:*:*:*:*:*:*
EPSS
Процентиль: 27%
0.00097
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-863
Связанные уязвимости
github
больше 3 лет назад
An issue was discovered on Virgin Media Super Hub 3 (based on ARRIS TG2492) devices. Because their SNMP commands have insufficient protection mechanisms, it is possible to use JavaScript and DNS rebinding to leak the WAN IP address of a user (if they are using certain VPN implementations, this would decloak them).
EPSS
Процентиль: 27%
0.00097
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-863