CVE-2016-7454 Information

Description

CSRF vulnerability on Technicolor TC dpc3941T (formerly Cisco dpc3941T) devices with firmware dpc3941-P20-18-v303r20421733-160413a-CMCST allows an attacker to change the Wi-Fi password open the remote management interface or reset the router.

CVSS Vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

http://www.securityfocus.com/bid/94881 https://packetstormsecurity.com/files/140121/XFINITY-Gateway-Technicolor-DPC3941T-Cross-Site-Request-Forgery.html

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.0