Vulnerability: Lack of Cross-Site Request Forgery (CSRF) Protection in Arris Surfboard SB8200 Administration Web Interface

CVE-2021-20120 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

The administration web interface for the Arris Surfboard SB8200 lacks any protections against cross-site request forgery attacks. This means that an attacker could make configuration changes (such as changing the administrative password) without the consent of the user.

Learn more about our Web App Pen Testing.