CVE-2023-27571

CVSS V2 None CVSS V3 None
Description
An issue was discovered in DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10. The troubleshooting_logs_download.php log file download functionality does not check the session cookie. Thus, an attacker can download all log files.
Overview
  • CVE ID
  • CVE-2023-27571
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-04-15T00:15:07
  • Last Modified Date
  • 2023-04-21T03:46:20
Weakness Enumerations
CWE URL
CWE-306 http://cwe.mitre.org/data/definitions/306.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:commscope:dg3450_firmware:ar01.02.056.18_041520_711.ncs.10:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:commscope:dg3450:-:*:*:*:*:*:*:* 0 OR
References
Reference URL Reference Tags
https://sec-consult.com/en/vulnerability-lab/advisories/index.html
https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-arris-dg3450-cable-gateway/
https://www.sec-consult.com/en/blog/
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2023-27571
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27571
History
Created Old Value New Value Data Type Notes
2023-04-17 04:45:59 Added to TrackCVE
2023-04-20 13:00:51 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2023-04-21 04:01:12 2023-04-21T03:46:20 CVE Modified Date updated
2023-04-21 04:01:13 Undergoing Analysis Analyzed Vulnerability Status updated
2023-04-21 04:01:14 Weakness Enumeration new
2023-04-21 04:01:14 CPE Information updated