CVE-2017-9491 (CNNVD-201706-226)
Chinese title:
Comcast firmware information disclosure vulnerability in multiple products
English title:
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST);...
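Vulnerability description
Chinese description:
Cisco DPC3939 (XB3) and the other Cisco devices listed here are wireless home voice gateway products from Cisco (USA). Arris TG1682G is a modem product from Arris (USA). Comcast is firmware developed by Comcast (USA) that runs on devices such as gateways and modems. The Comcast firmware in multiple products has a security vulnerability. Remote attackers can exploit this vulnerability to capture cookies. The following products and versions are affected: Cisco DPC3939 with firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST; Cisco DPC3939 with firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST; Cisco DPC3939B with firmware version dpc3939b-v303r204217-150321a-CMCST; Cisco DPC3941T with firmware version DPC3941_2.5s3_PROD_sey; Arris TG1682G with version 10.0.132.SIP.PC20.CT and software version TG1682_2.2p7s2_PROD_sey.
English description: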
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware version DPC3941_2.5s3_PROD_sey); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices does not set the secure flag for cookies in an https session to an administration application, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session.
CWE type:
Tags:
Affected products
| Vendor | Product | Version | Version range | Platform | CPE |
|---|---|---|---|---|---|
| cisco | dpc3939_firmware | dpc3939-p20-18-v303r20421733-160420a-cmcst | - | - | `cpe:2.3:o:cisco:dpc3939_firmware:dpc3939-p20-18-v303r20421733-160420a-cmcst:*:*:*:*:*:*:*` |
| cisco | dpc3939_firmware | dpc3939-p20-18-v303r20421746-170221a-cmcst | - | - | `cpe:2.3:o:cisco:dpc3939_firmware:dpc3939-p20-18-v303r20421746-170221a-cmcst:*:*:*:*:*:*:*` |
| cisco | dpc3939b_firmware | dpc3939b-v303r204217-150321a-cmcst | - | - | `cpe:2.3:o:cisco:dpc3939b_firmware:dpc3939b-v303r204217-150321a-cmcst:*:*:*:*:*:*:*` |
| cisco | dpc3941t_firmware | dpc3941_2.5s3_prod_sey | - | - | `cpe:2.3:o:cisco:dpc3941t_firmware:dpc3941_2.5s3_prod_sey:*:*:*:*:*:*:*` |
| commscope | arris_tg1682g_firmware | 10.0.132.sip.pc20.ct | - | - | `cpe:2.3:o:commscope:arris_tg1682g_firmware:10.0.132.sip.pc20.ct:*:*:*:*:*:*:*` |
| commscope | arris_tg1682g_firmware | tg1682_2.2p7s2_prod_sey | - | - | `cpe:2.3:o:commscope:arris_tg1682g_firmware:tg1682_2.2p7s2_prod_sey:*:*:*:*:*:*:*` |
Solution
Chinese solution:
English solution:
Temporary workaround:
Reference links
cve.org
CVSS score details
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Time information
Exploit information
Data source details
| Data source | Record ID | Version | Extraction time |
|---|---|---|---|
| CVE | cve_CVE-2017-9491 | 2025-11-11 15:19:34 | 2025-11-11 07:34:55 |
| NVD | nvd_CVE-2017-9491 | 2025-11-11 14:55:30 | 2025-11-11 07:43:32 |
| CNNVD | cnnvd_CNNVD-201706-226 | 2025-11-11 15:09:50 | 2025-11-11 07:53:06 |
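Versions and languages
Security advisories
Change history
View detailed changes
- vulnerability_type: not extracted -> information disclosure
- cnnvd_id: not extracted -> CNNVD-201706-226
- data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
View detailed changes
- cvss_score: not extracted -> 5.3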
- cvss_vector: NOT_EXTRACTED -> CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- cvss_version: NOT_EXTRACTED -> 3.1
- affected_products_count: 0 -> 6
- data_sources: ['cve'] -> ['cve', 'nvd']