← back
CVE-2017-16836

CVE-2017-16836

EPSS 2.0%
Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse 10.0.59.SIP.PC20.CT software allow Unauthenticated Stored XSS via the actionHandler/ajax_managed_services.php service parameter.
Affected products
n/a · n/a
public PoCs found3
cve_referencepacketstormsecurity.com/files/134288/Arris-TG1682G-Modem-Cross-Site-Scripting.htmlunverifiedcve_referencewww.exploit-db.com/exploits/38657/unverifiedexploitdbwww.exploit-db.com/exploits/38657unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://packetstormsecurity.com/files/134288/Arris-TG1682G-Modem-Cross-Site-Scripting.htmlhttps://www.exploit-db.com/exploits/38657/