PT-2017-18960 · Arris · Arris Tg1682G
Chris Grayson +2 · Published 2017-07-31 · Updated 2017-08-08
CVE-2017-9490
CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Arris TG1682G devices with Comcast firmware, version 10.0.132.SIP.PC20.CT, software version TG1682 2.2p7s2 PROD sey
Description
The issue allows configuration changes via cross-site request forgery (CSRF), which can be exploited to make unauthorized changes to the device settings.
Recommendations
For Arris TG1682G devices with Comcast firmware, version 10.0.132.SIP.PC20.CT, software version TG1682 2.2p7s2 PROD sey, consider disabling web management access until a patch is available to prevent exploitation via CSRF.
Exploit
Fix
CSRF
Weakness Enumeration
Related Identifiers
Affected Products
Arris Tg1682G