Vulnerability: Lack of Cross-Site Request Forgery (CSRF) Protection in Arris Surfboard SB8200 Administration Web Interface
CVE-2021-20120 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
The administration web interface for the Arris Surfboard SB8200 lacks any protections against cross-site request forgery attacks. This means that an attacker could make configuration changes (such as changing the administrative password) without the consent of the user.
Learn more about our Web App Pen Testing.