Vulnerabilities > CVE-2021-20119 - Incorrect Authorization vulnerability in Commscope Arris Surfboard Sb8200 Firmware Ab01.02.053.01112320193.0A.Nsh

CVSS 4.9 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

MEDIUM

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

commscope

CWE-863

NVD

Published: 2021-11-09

Updated: 2021-11-15

Summary

The password change utility for the Arris SurfBoard SB8200 can have safety measures bypassed that allow any logged-in user to change the administrator password.

Vulnerable Configurations

Part	Description	Count
OS	Commscope Commscope Arris Surfboard Sb8200 Firmware Ab01.02.053.01_112320_193.0A.Nsh	1
Hardware	Commscope Commscope Arris Surfboard Sb8200 -	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://www.tenable.com/security/research/tra-2021-49