Vulnerabilities > Cisco > Dpc3939 Firmware > Critical

DATE CVE VULNERABILITY TITLE RISK
2017-07-31 CVE-2017-9479 Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Dpc3939 Firmware Dpc3939P2018V303R20421746170221Acmcst
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to execute arbitrary commands as root by leveraging local network access and connecting to the syseventd server, as demonstrated by copying configuration data into a readable filesystem.
network
low complexity
cisco CWE-732
critical
 9.8
9.8
2017-07-31 CVE-2017-9482 Incorrect Permission Assignment for Critical Resource vulnerability in Cisco Dpc3939 Firmware Dpc3939P2018V303R20421746170221Acmcst
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to obtain root access to the Network Processor (NP) Linux system by enabling a TELNET daemon (through CVE-2017-9479 exploitation) and then establishing a TELNET session.
network
low complexity
cisco CWE-732
critical
 9.8
9.8
2017-07-31 CVE-2017-9483 OS Command Injection vulnerability in Cisco Dpc3939 Firmware Dpc3939P2018V303R20421746170221Acmcst
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows Network Processor (NP) Linux users to obtain root access to the Application Processor (AP) Linux system via shell metacharacters in commands.
network
low complexity
cisco CWE-78
critical
 9.8
9.8
2017-07-31 CVE-2017-9521 The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware version DPC3941_2.5s3_PROD_sey); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices allows remote attackers to execute arbitrary code via a specific (but unstated) exposed service.
network
low complexity
cisco commscope
critical
 9.8
9.8