Vulnerabilities > Arris
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-27 | CVE-2023-40038 | Improper Authentication vulnerability in Arris Dg1670A Firmware and Dg860A Firmware Arris DG860A and DG1670A devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. | 8.8 |
| 2023-09-11 | CVE-2023-40039 | Unspecified vulnerability in Arris Tg1672G Firmware, Tg852G Firmware and Tg862G Firmware An issue was discovered on ARRIS TG852G, TG862G, and TG1672G devices. | 9.8 |
| 2022-12-13 | CVE-2022-45028 | Cross-site Scripting vulnerability in Arris Nvg443B Firmware 9.3.0H3D36 A cross-site scripting (XSS) vulnerability in Arris NVG443B 9.3.0h3d36 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request sent to /cgi-bin/logs.ha. | 6.1 |
| 2022-08-04 | CVE-2022-31793 | Path Traversal vulnerability in multiple products do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. | 7.5 |
| 2022-03-15 | CVE-2022-26990 | OS Command Injection vulnerability in Arris products Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the firewall-local log function via the EmailAddress, SmtpServerName, SmtpUsername, and SmtpPassword parameters. | 9.8 |
| 2022-03-15 | CVE-2022-26991 | OS Command Injection vulnerability in Arris products Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the ntp function via the TimeZone parameter. | 9.8 |
| 2022-03-15 | CVE-2022-26992 | OS Command Injection vulnerability in Arris products Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the ddns function via the DdnsUserName, DdnsHostName, and DdnsPassword parameters. | 9.8 |
| 2022-03-15 | CVE-2022-26993 | OS Command Injection vulnerability in Arris products Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the pppoe function via the pppoeUserName, pppoePassword, and pppoe_Service parameters. | 9.8 |
| 2022-03-15 | CVE-2022-26994 | OS Command Injection vulnerability in Arris products Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the pptp function via the pptpUserName and pptpPassword parameters. | 9.8 |
| 2020-01-29 | CVE-2020-8438 | OS Command Injection vulnerability in Arris Ruckus Zoneflex R500 Firmware 104.0.0.0.1347 Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated attacker to execute arbitrary OS commands via the hidden /forms/nslookupHandler form, as demonstrated by the nslookuptarget=|cat${IFS} substring. | 7.2 |