CVE-2017-9476

MEDIUM

Cisco DPC3939 and Arris TG1682G Firmware - Unauthorized Exposure of Home Security Wi-Fi Credentials

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-9476. PoCs published by wiire-a.

AI-analyzed exploit summary: This PoC exploits CVE-2017-9476, a vulnerability in Xfinity cable modems where hidden APs use deterministic WPA PSKs derived from the modem's MAC address. The code calculates the PSK from a given MAC address, allowing unauthorized access to the hidden network.

Description

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices makes it easy for remote attackers to determine the hidden SSID and passphrase for a Home Security Wi-Fi network.

Exploits (1)

nomisec WORKING POC 8 stars
by wiire-a · poc
https://github.com/wiire-a/CVE-2017-9476

Classification: Working PoC 100%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Xfinity cable modems (specific versions not specified)
No auth needed
Prerequisites: MAC address of a vulnerable Xfinity cable modem
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 6.5
EPSS: 0.0170
EPSS Percentile: 74.3%
Attack Vector: ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE: CWE-200
Status: published
Products (4)
cisco/dpc3939_firmware dpc3939-p20-18-v303r20421746-170221a-cmcst
cisco/dpc3939_firmware dpc3939-p20-18-v303r20421733-160420a-cmcst
commscope/arris_tg1682g_firmware 10.0.132.sip.pc20.ct
commscope/arris_tg1682g_firmware tg1682_2.2p7s2_prod_sey
Published Jul 31, 2017
Tracked Since Feb 18, 2026