Blessen Thomas

**Name of the Vulnerable Software and Affected Versions** ARRIS (formerly Motorola) SBG901 SURFboard Wireless Cable Modem (affected versions not specified) **Description** The issue concerns multiple cross-site request forgery (CSRF) vulnerabilities. These vulnerabilities allow remote attackers to hijack the authentication of administrators for specific requests. The affected requests include changing the DNS service via the `DdnsService` parameter, changing the username via the `DdnsUserName` parameter, changing the password via the `DdnsPassword` parameter, and changing the host name via the `DdnsHostName` parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.