CVE-2017-9488

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) and DPC3941T (firmware version DPC3941_2.5s3_PROD_sey) devices allows remote attackers to access the web UI by establishing a session to the wan0 WAN IPv6 address and then entering unspecified hardcoded credentials. This wan0 interface cannot be accessed from the public Internet.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:cisco:dpc3939_firmware:dpc3939-p20-18-v303r20421746-170221a-cmcst:*:*:*:*:*:*:*
cpe:2.3:h:cisco:dpc3939:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:cisco:dpc3941t_firmware:dpc3941_2.5s3_prod_sey:*:*:*:*:*:*:*
cpe:2.3:h:cisco:dpc3941t:-:*:*:*:*:*:*:*

Information

Published : 2017-07-30 20:29

Updated : 2017-08-02 08:44


NVD link : CVE-2017-9488

Mitre link : CVE-2017-9488


JSON object : View

CWE
CWE-798

Use of Hard-coded Credentials

Advertisement

dedicated server usa

Products Affected

cisco

  • dpc3941t
  • dpc3939_firmware
  • dpc3941t_firmware
  • dpc3939