CVE-2023-27571 in Arris DG3450
Summary
by MITRE • 04/15/2023
An issue was discovered in DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10. The troubleshooting_logs_download.php log file download functionality does not check the session cookie. Thus, an attacker can download all log files.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 11/18/2025
The vulnerability identified as CVE-2023-27571 affects the DG3450 Cable Gateway device running firmware version AR01.02.056.18_041520_711.NCS.10. This issue resides within the troubleshooting_logs_download.php component which handles log file download functionality. The device operates as a critical network infrastructure element providing cable gateway services to end users. The flaw represents a significant security weakness that undermines the device's access control mechanisms and exposes sensitive operational data to unauthorized parties.
The technical flaw manifests in the lack of session validation within the troubleshooting_logs_download.php script. This script fails to verify the authenticity of session cookies before permitting log file downloads, creating an authentication bypass vulnerability. The absence of proper session management allows any remote attacker to exploit this weakness without requiring valid credentials or authentication tokens. This vulnerability directly maps to CWE-287 which describes improper authentication scenarios where systems fail to adequately verify user identities before granting access to sensitive resources. The implementation flaw stems from insufficient input validation and access control enforcement within the web application layer of the device's management interface.
The operational impact of this vulnerability is severe as it provides attackers with unrestricted access to comprehensive system log files that contain sensitive operational data. These logs typically include network traffic information, user activity records, system events, configuration details, and potentially confidential communications. An attacker could leverage this access to gain insights into the network topology, identify security gaps, understand system behavior patterns, and potentially discover additional vulnerabilities within the device or connected systems. The exposure of such information significantly increases the risk of targeted attacks and compromises the overall security posture of the network infrastructure. This vulnerability aligns with ATT&CK technique T1566 which involves the exploitation of network infrastructure devices to gain unauthorized access to sensitive information and system data.
The security implications extend beyond simple information disclosure as these logs may contain credentials, configuration parameters, or system vulnerabilities that could be exploited in subsequent attack phases. Network administrators should consider this vulnerability as a potential entry point for more sophisticated attacks, including lateral movement within the network or privilege escalation attempts. The device's role as a cable gateway makes it particularly valuable to attackers who could use the compromised logs to understand network communications patterns and potentially conduct man-in-the-middle attacks or traffic interception activities. Organizations should immediately implement mitigations including network segmentation, access control restrictions, and firmware updates to prevent exploitation of this vulnerability.