CVE-2014-3778

Name of the Vulnerable Software and Affected Versions ARRIS (formerly Motorola) SBG901 SURFboard Wireless Cable Modem (affected versions not specified)

Description The issue concerns multiple cross-site request forgery (CSRF) vulnerabilities. These vulnerabilities allow remote attackers to hijack the authentication of administrators for specific requests. The affected requests include changing the DNS service via the DdnsService parameter, changing the username via the DdnsUserName parameter, changing the password via the DdnsPassword parameter, and changing the host name via the DdnsHostName parameter.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.