Vulnerabilities > CVE-2018-10989 - Insecure Default Initialization of Resource vulnerability in Commscope Arris Tg1682G Firmware 9.1.103J6

CVSS 6.6 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

HIGH

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

high complexity

commscope

CWE-1188

NVD

Published: 2018-05-14

Updated: 2023-11-07

Summary

Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices are distributed by some ISPs with a default password of "password" for the admin account that is used over an unencrypted http://192.168.0.1 connection, which might allow remote attackers to bypass intended access restrictions by leveraging access to the local network. NOTE: one or more user's guides distributed by ISPs state "At a minimum, you should set a login password."

Vulnerable Configurations

Part	Description	Count
OS	Commscope Commscope Arris Tg1682G Firmware 9.1.103J6	1
Hardware	Commscope Commscope Arris Tg1682G -	1

Common Weakness Enumeration (CWE)

CWE-1188 - Insecure Default Initialization of Resource

References

https://medium.com/%40AkshaySharmaUS/comcast-arris-touchstone-gateway-devices-are-vulnerable-heres-the-disclosure-7d603aa9342c