Details of VAR-201406-0395

ID

VAR-201406-0395

CVE

CVE-2014-3778

TITLE

ARRIS SBG901 SURFboard Wireless Cable Modem of goform/RgDdns Vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2014-003001

DESCRIPTION

Multiple cross-site request forgery (CSRF) vulnerabilities in goform/RgDdns in ARRIS (formerly Motorola) SBG901 SURFboard Wireless Cable Modem allow remote attackers to hijack the authentication of administrators for requests that (1) change the dns service via the DdnsService parameter, (2) change the username via the DdnsUserName parameter, (3) change the password via the DdnsPassword parameter, or (4) change the host name via the DdnsHostName parameter. The Motorola SBG901 modem is a router device. The Motorola SBG901 modem has a cross-site request forgery vulnerability that allows remote attackers to build malicious URIs, entice users to resolve, and perform malicious operations in the target user context. An attacker can exploit this issue to perform certain unauthorized actions. This may lead to further attacks

Trust: 2.43

sources: NVD: CVE-2014-3778 // JVNDB: JVNDB-2014-003001 // CNVD: CNVD-2014-03873 // BID: 68103

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-03873

AFFECTED PRODUCTS

vendor:	commscope	model:	arris sbg901	scope:	eq	version:	-	Trust: 1.0
vendor:	arris group	model:	sbg901 surfboard wireless cable modem	scope:	-	version:	-	Trust: 0.8
vendor:	motorola	model:	sbg901 modem	scope:	-	version:	-	Trust: 0.6
vendor:	arris	model:	sbg901	scope:	eq	version:	-	Trust: 0.6
vendor:	motorola	model:	sbg901	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2014-03873 // BID: 68103 // JVNDB: JVNDB-2014-003001 // CNNVD: CNNVD-201406-442 // NVD: CVE-2014-3778

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3778
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-3778
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-03873
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201406-442
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2014-3778
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-03873
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2014-03873 // JVNDB: JVNDB-2014-003001 // CNNVD: CNNVD-201406-442 // NVD: CVE-2014-3778

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.8

sources: JVNDB: JVNDB-2014-003001 // NVD: CVE-2014-3778

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201406-442

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201406-442

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-003001

PATCH

title:	Modems and Gateways	url:	http://www.arrisi.com/modems/	Trust: 0.8
title:	Patch for Motorola SBG901 Cross-Site Request Forgery Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/46738	Trust: 0.6

sources: CNVD: CNVD-2014-03873 // JVNDB: JVNDB-2014-003001

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3778	Trust: 3.3
db:	EXPLOIT-DB	id:	33792	Trust: 3.0
db:	BID	id:	68103	Trust: 0.9
db:	JVNDB	id:	JVNDB-2014-003001	Trust: 0.8
db:	EXPLOITDB	id:	33792	Trust: 0.6
db:	CNVD	id:	CNVD-2014-03873	Trust: 0.6
db:	CNNVD	id:	CNNVD-201406-442	Trust: 0.6

sources: CNVD: CNVD-2014-03873 // BID: 68103 // JVNDB: JVNDB-2014-003001 // CNNVD: CNNVD-201406-442 // NVD: CVE-2014-3778

REFERENCES

url:	http://www.exploit-db.com/exploits/33792	Trust: 1.6
url:	http://www.exploit-db.com/exploits/33792/	Trust: 1.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3778	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3778	Trust: 0.8
url:	http://www.arrisi.com/modems/	Trust: 0.3

sources: CNVD: CNVD-2014-03873 // BID: 68103 // JVNDB: JVNDB-2014-003001 // CNNVD: CNNVD-201406-442 // NVD: CVE-2014-3778

CREDITS

Blessen Thomas

Trust: 0.3

sources: BID: 68103

SOURCES

db:	CNVD	id:	CNVD-2014-03873
db:	BID	id:	68103
db:	JVNDB	id:	JVNDB-2014-003001
db:	CNNVD	id:	CNNVD-201406-442
db:	NVD	id:	CVE-2014-3778

LAST UPDATE DATE

2025-04-12T23:13:20.866000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-03873	date:	2014-06-25T00:00:00
db:	BID	id:	68103	date:	2014-06-18T00:00:00
db:	JVNDB	id:	JVNDB-2014-003001	date:	2014-06-23T00:00:00
db:	CNNVD	id:	CNNVD-201406-442	date:	2021-08-24T00:00:00
db:	NVD	id:	CVE-2014-3778	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-03873	date:	2014-06-25T00:00:00
db:	BID	id:	68103	date:	2014-06-18T00:00:00
db:	JVNDB	id:	JVNDB-2014-003001	date:	2014-06-23T00:00:00
db:	CNNVD	id:	CNNVD-201406-442	date:	2014-06-20T00:00:00
db:	NVD	id:	CVE-2014-3778	date:	2014-06-19T14:55:07.253