CVE-2017-9521
First published: Mon Jul 31 2017(Updated: )
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware version DPC3941_2.5s3_PROD_sey); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices allows remote attackers to execute arbitrary code via a specific (but unstated) exposed service. NOTE: the scope of this CVE does NOT include the concept of "Unnecessary Services" in general; the scope is only a single service that is unnecessarily exposed, leading to remote code execution. The details of that service might be disclosed at a later date.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco DPC3939B Firmware | =dpc3939-p20-18-v303r20421733-160420a-cmcst | |
| Cisco DPC3939B Firmware | ||
| Cisco DPC3939B Firmware | =dpc3939-p20-18-v303r20421746-170221a-cmcst | |
| Cisco DPC3939B Firmware | =dpc3939b-v303r204217-150321a-cmcst | |
| Cisco DPC3939B Firmware | ||
| Cisco DPC3941T Firmware | =dpc3941_2.5s3_prod_sey | |
| Cisco DPC3941T Firmware | ||
| Commscope Arris TG1682G | =10.0.132.sip.pc20.ct | |
| Commscope Arris TG1682G | =tg1682_2.2p7s2_prod_sey | |
| Commscope Arris TG1682G Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-9521?
CVE-2017-9521 is classified as a high-severity vulnerability due to its potential for exploitation.
How do I fix CVE-2017-9521?
To mitigate CVE-2017-9521, upgrade the firmware on affected Cisco and Commscope device models to the latest patched versions.
Which devices are affected by CVE-2017-9521?
CVE-2017-9521 affects Cisco DPC3939, DPC3939B, DPC3941T, and certain Commscope Arris TG1682G firmware versions.
What could happen if CVE-2017-9521 is exploited?
Exploitation of CVE-2017-9521 could lead to unauthorized access or control over affected Cisco and Commscope devices.
Is there a workaround for CVE-2017-9521?
Until a firmware update is applied, limiting access to the device’s management interfaces can serve as a temporary workaround for CVE-2017-9521.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/author
- agent/description
- agent/event
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco dpc3939b firmware
- version/cisco dpc3939b firmware/dpc3939-p20-18-v303r20421733-160420a-cmcst
- version/cisco dpc3939b firmware/dpc3939-p20-18-v303r20421746-170221a-cmcst
- version/cisco dpc3939b firmware/dpc3939b-v303r204217-150321a-cmcst
- canonical/cisco dpc3941t firmware
- version/cisco dpc3941t firmware/dpc3941_2.5s3_prod_sey
- vendor/commscope
- canonical/commscope arris tg1682g
- version/commscope arris tg1682g/10.0.132.sip.pc20.ct
- version/commscope arris tg1682g/tg1682_2.2p7s2_prod_sey
- canonical/commscope arris tg1682g firmware