Vulnerabilities > Arris
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-09-03 | CVE-2017-14117 | Improper Authentication vulnerability in ATT U-Verse Firmware 9.2.2H0D83 The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures an unauthenticated proxy service on WAN TCP port 49152, which allows remote attackers to establish arbitrary TCP connections to intranet hosts by sending \x2a\xce\x01 followed by other predictable values. | 4.3 |
| 2017-09-03 | CVE-2017-14116 | Use of Hard-coded Credentials vulnerability in ATT U-Verse Firmware 9.2.2H0D83 The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG599 device, when IP Passthrough mode is not used, configures WAN access to a caserver https service with the tech account and an empty password, which allows remote attackers to obtain root privileges by establishing a session on port 49955 and then installing new software, such as BusyBox with "nc -l" support. | 9.3 |
| 2017-07-31 | CVE-2017-9490 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products The Comcast firmware on Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices allows configuration changes via CSRF. | 6.8 |
| 2015-11-21 | CVE-2015-7291 | Cross-Site Request Forgery (CSRF) vulnerability in Arris NA Model 862 GW Mono Firmware Cross-site request forgery (CSRF) vulnerability in adv_pwd_cgi in the web management interface on Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 allows remote attackers to hijack the authentication of arbitrary users. | 6.8 |
| 2015-11-21 | CVE-2015-7290 | Cross-site Scripting vulnerability in Arris NA Model 862 GW Mono Firmware Cross-site scripting (XSS) vulnerability in adv_pwd_cgi in the web management interface on Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 allows remote attackers to inject arbitrary web script or HTML via the pwd parameter. | 4.3 |
| 2015-11-21 | CVE-2015-7289 | Credentials Management vulnerability in Arris NA Model 862 GW Mono Firmware Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 have a hardcoded administrator password derived from a serial number, which makes it easier for remote attackers to obtain access via the web management interface, SSH, TELNET, or SNMP. | 9.3 |
| 2015-11-21 | CVE-2009-5149 | Credentials Management vulnerability in Arris NA Model 862 GW Mono Firmware Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 have predictable technician passwords, which makes it easier for remote attackers to obtain access via the web management interface, related to a "password of the day" issue. | 4.3 |
| 2014-12-18 | CVE-2014-9406 | Credentials Management vulnerability in Arris Touchstone Tg862G/Ct Firmware 7.6.59S.Ct ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier has a default password of password for the admin account, which makes it easier for remote attackers to obtain access via a request to home_loggedout.php. | 10.0 |
| 2014-12-17 | CVE-2014-5438 | Cross-Site Scripting vulnerability in Arris Touchstone Tg862G/Ct Firmware 7.6.59S.Ct Cross-site scripting (XSS) vulnerability in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allows remote authenticated users to inject arbitrary web script or HTML via the computer_name parameter to connected_devices_computers_edit.php. | 3.5 |
| 2014-12-17 | CVE-2014-5437 | Cross-Site Request Forgery (CSRF) vulnerability in Arris Touchstone Tg862G/Ct Firmware 7.6.59S.Ct Multiple cross-site request forgery (CSRF) vulnerabilities in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) enable remote management via a request to remote_management.php, (2) add a port forwarding rule via a request to port_forwarding_add.php, (3) change the wireless network to open via a request to wireless_network_configuration_edit.php, or (4) conduct cross-site scripting (XSS) attacks via the keyword parameter to managed_sites_add_keyword.php. | 6.8 |