CSRF Vulnerability in Technicolor TC DPC3941T Routers
CVE-2016-7454

8HIGH

Key Information:

Vendor: Technicolor
Status: Xfinity Gateway Router Dpc3941t Firmware
Vendor: CVE Published:; 17 December 2016

🔔 Create Technicolor Vulnerability Alert

What is CVE-2016-7454?

This security issue involves a Cross-Site Request Forgery (CSRF) that affects Technicolor TC DPC3941T devices with specific firmware versions. An attacker can exploit this vulnerability to perform unauthorized actions on the router, which include altering the Wi-Fi password, enabling the remote management interface, or resetting the device. This manipulation poses serious risks to the network's integrity and security, allowing potential unauthorized access and control over connected devices.

References

http://www.securityfocus.com/bid/94881

vdb-entryx_refsource_BID

https://packetstormsecurity.com/files/140121/XFINITY-Gate...

x_refsource_MISC

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 17, 2016
Vulnerability Reserved
Sep 9, 2016