First published: Mon Jul 31 2017(Updated: )
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST) and DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices sets the CM MAC address to a value with a two-byte offset from the MTA/VoIP MAC address, which indirectly allows remote attackers to discover hidden Home Security Wi-Fi networks by leveraging the embedding of the MTA/VoIP MAC address into the DNS hostname.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Dpc3939 Firmware | =dpc3939-p20-18-v303r20421746-170221a-cmcst | |
Cisco DPC3939 | ||
Cisco Dpc3939 Firmware | =dpc3939-p20-18-v303r20421733-160420a-cmcst |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2017-9478 is high, with a score of 7.5.
CVE-2017-9478 affects Cisco DPC3939 devices with specific firmware versions dpc3939-P20-18-v303r20421733-160420a-CMCST and dpc3939-P20-18-v303r20421746-170221a-CMCST.
To fix CVE-2017-9478, upgrade the firmware of the Cisco DPC3939 to a non-vulnerable version.
CVE-2017-9478 allows remote attackers to exploit MAC address offsets, potentially leading to unauthorized access.
There is no known workaround for CVE-2017-9478 other than applying the firmware update.