# Exploit Title: CSRF XFINITY Gateway product Technicolor(previously Cisco) DPC3941T # Date: 09/08/2016 # Exploit Author: Ayushman Dutta # Version: dpc3941-P20-18-v303r20421733-160413a-CMCST # CVE : CVE-2016-7454 The Device DPC3941T is vulnerable to CSRF and has no security on the entire admin panel for it. Some of the links are at: /actionHandler/ajax_remote_management.php /actionHandler/ajaxSet_wireless_network_configuration_edit.php /actionHandler/ajax_network_diagnostic_tools.php /actionHandler/ajax_at_a_glance.php A simple HTML page with javascript on which the attacker lures the victim can be used to change state in the application. Lets CSRF Xfinity to change Wifi Password