Cross site request forgery (csrf)

2017-07-3103:29:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

44.9%

JSON

The Comcast firmware on Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST) devices allows configuration changes via CSRF.

CPENameOperatorVersion
dpc3939b_firmwareeqdpc3939bv303r204217150321acmcst
arris_tg1682g_firmwareeq10.0.132-sip-pc20-ct
arris_tg1682g_firmwareeqtg16822.2p7s2prodsey

Name	Operator	Version
dpc3939b_firmware	eq	dpc3939bv303r204217150321acmcst
arris_tg1682g_firmware	eq	10.0.132-sip-pc20-ct
arris_tg1682g_firmware	eq	tg16822.2p7s2prodsey

References

github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-33.cross-site-request-forgery.txt