Remote Access Vulnerability in Cisco DPC3939 and DPC3941T Devices
CVE-2017-9488

8.8HIGH

Key Information:

Vendor: Cisco
Status: Dpc3939 Firmware
Vendor: CVE Published:; 31 July 2017

Summary

The firmware on certain Cisco DPC3939 and DPC3941T devices contains a vulnerability that enables remote attackers to exploit the web UI interface. By leveraging a session initiated to the wan0 interface's IPv6 address, attackers can gain unauthorized access using hardcoded credentials. This interface is not directly accessible from the public Internet, indicating a potential risk primarily from internal or certain external network sources. Users are advised to check and secure their firmware.

References

https://github.com/BastilleResearch/CableTap/blob/master/...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 31, 2017
Vulnerability Reserved
Jun 7, 2017