CVE-2017-9485

Name of the Vulnerable Software and Affected Versions Cisco DPC3939 version dpc3939-P20-18-v303r20421746-170221a-CMCST

Description The issue allows remote attackers to write arbitrary data to a known pathname, specifically /var/tmp/sess *, by leveraging the device's operation in UI dev mode.

Recommendations For Cisco DPC3939 version dpc3939-P20-18-v303r20421746-170221a-CMCST, consider disabling the UI dev mode as a temporary workaround to minimize the risk of exploitation. Restrict access to the /var/tmp/sess * pathname to prevent arbitrary data writes until a patch is available.