ID
VAR-201707-1043
CVE
CVE-2017-9478
TITLE
Cisco DPC3939 Vulnerable to information disclosure
Trust: 0.8
DESCRIPTION
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST) and DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices sets the CM MAC address to a value with a two-byte offset from the MTA/VoIP MAC address, which indirectly allows remote attackers to discover hidden Home Security Wi-Fi networks by leveraging the embedding of the MTA/VoIP MAC address into the DNS hostname. Cisco DPC3939 Contains an information disclosure vulnerability.Information may be obtained. The Cisco DPC3939 is a wireless voice gateway product from Cisco. A security vulnerability exists in the Cisco DPC3939 firmware. Comcast is a set of US Comcast ( Comcast ) company developed firmware
Trust: 2.25
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
| category: | ['network device'] | sub_category: | gateway | Trust: 0.1 |
AFFECTED PRODUCTS
| vendor: | cisco | model: | dpc3939 | scope: | eq | version: | dpc3939-p20-18-v303r20421733-160420a-cmcst | Trust: 1.6 |
| vendor: | cisco | model: | dpc3939 | scope: | eq | version: | dpc3939-p20-18-v303r20421746-170221a-cmcst | Trust: 1.6 |
| vendor: | cisco | model: | dpc3939 wireless residential voice gateway | scope: | eq | version: | dpc3939-p20-18-v303r20421733-160420a-cmcst | Trust: 0.8 |
| vendor: | cisco | model: | dpc3939 wireless residential voice gateway | scope: | eq | version: | dpc3939-p20-18-v303r20421746-170221a-cmcst | Trust: 0.8 |
| vendor: | cisco | model: | dpc3939 dpc3939-p20-18-v303r20421746-170221a-cmcst | scope: | - | version: | - | Trust: 0.6 |
| vendor: | cisco | model: | dpc3939 dpc3939-p20-18-v303r20421733-160420a-cmcst | scope: | - | version: | - | Trust: 0.6 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-200 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
information disclosure
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | トップページ | url: | https://www.cisco.com/c/ja_jp/index.html | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2017-9478 | Trust: 3.2 |
| db: | JVNDB | id: | JVNDB-2017-006591 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201706-271 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2017-27790 | Trust: 0.6 |
| db: | OTHER | id: | NONE | Trust: 0.1 |
| db: | VULHUB | id: | VHN-117681 | Trust: 0.1 |
REFERENCES
| url: | https://github.com/bastilleresearch/cabletap/blob/master/doc/advisories/bastille-20.emta-reverse-dns.txt | Trust: 2.5 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2017-9478 | Trust: 1.4 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9478 | Trust: 0.8 |
| url: | https://ieeexplore.ieee.org/abstract/document/10769424 | Trust: 0.1 |
SOURCES
| db: | OTHER | id: | - |
| db: | CNVD | id: | CNVD-2017-27790 |
| db: | VULHUB | id: | VHN-117681 |
| db: | JVNDB | id: | JVNDB-2017-006591 |
| db: | CNNVD | id: | CNNVD-201706-271 |
| db: | NVD | id: | CVE-2017-9478 |
LAST UPDATE DATE
2025-04-20T22:32:02.129000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2017-27790 | date: | 2017-09-21T00:00:00 |
| db: | VULHUB | id: | VHN-117681 | date: | 2017-08-03T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-006591 | date: | 2017-08-30T00:00:00 |
| db: | CNNVD | id: | CNNVD-201706-271 | date: | 2017-11-29T00:00:00 |
| db: | NVD | id: | CVE-2017-9478 | date: | 2025-04-20T01:37:25.860 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2017-27790 | date: | 2017-09-21T00:00:00 |
| db: | VULHUB | id: | VHN-117681 | date: | 2017-07-31T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-006591 | date: | 2017-08-30T00:00:00 |
| db: | CNNVD | id: | CNNVD-201706-271 | date: | 2017-06-09T00:00:00 |
| db: | NVD | id: | CVE-2017-9478 | date: | 2017-07-31T03:29:00.300 |