CVE-2017-9476

moderate-risk
Published 2017-07-31

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices makes it easy for remote attackers to determine the hidden SSID and passphrase for a Home Security Wi-Fi network.

Do I need to act?

!
16.1% chance of exploitation in next 30 days
EPSS score — higher than 84% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.5/10 Medium
ADJACENT_NETWORK / LOW complexity

Affected Products (4)

Arris Tg1682G Firmware
Arris Tg1682G Firmware
Dpc3939 Firmware
Dpc3939 Firmware

Affected Vendors

Commscope Cisco

References (2)

Exploit https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille...
Exploit https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille...
44
/ 100
moderate-risk
Severity 21/34 · High
Exploitability 13/34 · Low
Exposure 10/34 · Low