Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2017-07-31 CVE-2017-9490 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
The Comcast firmware on Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices allows configuration changes via CSRF.
network
low complexity
cisco arris CWE-352
8.8
2017-07-31 CVE-2017-9489 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
The Comcast firmware on Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST) devices allows configuration changes via CSRF.
network
low complexity
cisco commscope CWE-352
8.8
2017-07-31 CVE-2017-9488 Use of Hard-coded Credentials vulnerability in Cisco Dpc3939 Firmware and Dpc3941T Firmware
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) and DPC3941T (firmware version DPC3941_2.5s3_PROD_sey) devices allows remote attackers to access the web UI by establishing a session to the wan0 WAN IPv6 address and then entering unspecified hardcoded credentials.
low complexity
cisco CWE-798
8.8
2017-07-31 CVE-2017-9486 Information Exposure vulnerability in Cisco Dpc3939 Firmware Dpc3939P2018V303R20421746170221Acmcst
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to compute password-of-the-day values via unspecified vectors.
network
low complexity
cisco CWE-200
7.5
2017-07-31 CVE-2017-9485 Unspecified vulnerability in Cisco Dpc3939 Firmware Dpc3939P2018V303R20421746170221Acmcst
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to write arbitrary data to a known /var/tmp/sess_* pathname by leveraging the device's operation in UI dev mode.
network
low complexity
cisco
7.5
2017-07-31 CVE-2017-9484 Information Exposure vulnerability in Cisco Dpc3939 Firmware Dpc3939P2018V303R20421733160420Acmcst/Dpc3939P2018V303R20421746170221Acmcst
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST) and DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to discover a CM MAC address by sniffing Wi-Fi traffic and performing simple arithmetic calculations.
network
low complexity
cisco CWE-200
7.5
2017-07-31 CVE-2017-9481 Unspecified vulnerability in Cisco Dpc3939 Firmware Dpc3939P2018V303R20421746170221Acmcst
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to obtain unintended access to the Network Processor (NP) 169.254/16 IP network by adding a routing-table entry that specifies the LAN IP address as the router for that network.
network
low complexity
cisco
7.5
2017-07-31 CVE-2017-9478 Information Exposure vulnerability in Cisco Dpc3939 Firmware Dpc3939P2018V303R20421733160420Acmcst/Dpc3939P2018V303R20421746170221Acmcst
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST) and DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices sets the CM MAC address to a value with a two-byte offset from the MTA/VoIP MAC address, which indirectly allows remote attackers to discover hidden Home Security Wi-Fi networks by leveraging the embedding of the MTA/VoIP MAC address into the DNS hostname.
network
low complexity
cisco CWE-200
7.5
2017-07-30 CVE-2017-11756 Unrestricted Upload of File with Dangerous Type vulnerability in Earcms EAR Music 4.1
In Earcms Ear Music through 4.1 build 20170710, remote authenticated users can execute arbitrary PHP code by changing the allowable music-upload extensions to include .php in addition to .mp3 and .m4a in admin.php?iframe=config_upload, and then using user.php/music/add/ to upload the code.
local
high complexity
earcms CWE-434
7.0
2017-07-30 CVE-2017-11692 Reachable Assertion vulnerability in Yaml-Cpp Project Yaml-Cpp
The function "Token& Scanner::peek" in scanner.cpp in yaml-cpp 0.5.3 and earlier allows remote attackers to cause a denial of service (assertion failure and application exit) via a '!2' string.
network
low complexity
yaml-cpp-project CWE-617
7.5