exploitDog

CVE-2021-20120

Опубликовано: 21 окт. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

The administration web interface for the Arris Surfboard SB8200 lacks any protections against cross-site request forgery attacks. This means that an attacker could make configuration changes (such as changing the administrative password) without the consent of the user.

Ссылки

https://www.tenable.com/security/research/tra-2021-45
Exploit
Third Party Advisory
https://www.tenable.com/security/research/tra-2021-45
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:commscope:arris_surfboard_sb8200_firmware:ab01.02.053.01_112320_193.0a.nsh:*:*:*:*:*:*:*

cpe:2.3:h:commscope:arris_surfboard_sb8200:-:*:*:*:*:*:*:*

EPSS

Процентиль: 35%

0.00145

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-mmqp-272f-v3vw

github

больше 3 лет назад

The administration web interface for the Arris Surfboard SB8200 lacks any protections against cross-site request forgery attacks. This means that an attacker could make configuration changes (such as changing the administrative password) without the consent of the user.

EPSS

Процентиль: 35%

0.00145

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-352