Vulnerability Details CVE-2023-27571
An issue was discovered in DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10. The troubleshooting_logs_download.php log file download functionality does not check the session cookie. Thus, an attacker can download all log files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 41.2%
CVSS Severity
CVSS v3 Score 5.3
References
- https://sec-consult.com/en/vulnerability-lab/advisories/index.html
- https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-arris-dg3450-cable-gateway/
- https://www.sec-consult.com/en/blog/
- https://sec-consult.com/en/vulnerability-lab/advisories/index.html
- https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-arris-dg3450-cable-gateway/
- https://www.sec-consult.com/en/blog/
Products affected by CVE-2023-27571
-
cpe:2.3:h:commscope:dg3450:-
-
cpe:2.3:o:commscope:dg3450_firmware:ar01.02.056.18_041520_711.ncs.10