Lucene search

MitreCVE-2014-3778

HistoryJun 19, 2014 - 2:55 p.m.

CVE-2014-3778

2014-06-1914:55:07

CWE-352

mitre

web.nvd.nist.gov

cve-2014-3778

csrf

arris

sbg901

surfboard

modem

security vulnerability

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.003

Percentile

70.5%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in goform/RgDdns in ARRIS (formerly Motorola) SBG901 SURFboard Wireless Cable Modem allow remote attackers to hijack the authentication of administrators for requests that (1) change the dns service via the DdnsService parameter, (2) change the username via the DdnsUserName parameter, (3) change the password via the DdnsPassword parameter, or (4) change the host name via the DdnsHostName parameter.

Affected configurations

Nvd

Node

commscopearris_sbg901Match-

VendorProductVersionCPE
commscopearris_sbg901-cpe:2.3:h:commscope:arris_sbg901:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
commscope	arris_sbg901	-	cpe:2.3:h:commscope:arris_sbg901:-:::::::*

References

www.exploit-db.com/exploits/33792

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.4

Confidence

Low

EPSS

0.003

Percentile

70.5%

JSON

Related for CVE-2014-3778