Vulnerabilities > Arris > Critical

DATE CVE VULNERABILITY TITLE RISK

2023-09-11 CVE-2023-40039 Unspecified vulnerability in Arris Tg1672G Firmware, Tg852G Firmware and Tg862G Firmware
An issue was discovered on ARRIS TG852G, TG862G, and TG1672G devices.
Risk: network, low complexity, arris, critical, 9.8

2022-03-15 CVE-2022-26990 OS Command Injection vulnerability in Arris products
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the firewall-local log function via the EmailAddress, SmtpServerName, SmtpUsername, and SmtpPassword parameters.
Risk: network, low complexity, arris CWE-78, critical, 9.8

2022-03-15 CVE-2022-26991 OS Command Injection vulnerability in Arris products
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the ntp function via the TimeZone parameter.
Risk: network, low complexity, arris CWE-78, critical, 9.8

2022-03-15 CVE-2022-26992 OS Command Injection vulnerability in Arris products
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the ddns function via the DdnsUserName, DdnsHostName, and DdnsPassword parameters.
Risk: network, low complexity, arris CWE-78, critical, 9.8

2022-03-15 CVE-2022-26993 OS Command Injection vulnerability in Arris products
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the pppoe function via the pppoeUserName, pppoePassword, and pppoe_Service parameters.
Risk: network, low complexity, arris CWE-78, critical, 9.8

2022-03-15 CVE-2022-26994 OS Command Injection vulnerability in Arris products
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the pptp function via the pptpUserName and pptpPassword parameters.
Risk: network, low complexity, arris CWE-78, critical, 9.8

2020-01-29 CVE-2020-8438 OS Command Injection vulnerability in Arris Ruckus Zoneflex R500 Firmware 104.0.0.0.1347
Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated attacker to execute arbitrary OS commands via the hidden /forms/nslookupHandler form, as demonstrated by the nslookuptarget=|cat${IFS} substring.
Risk: network, low complexity, arris CWE-78, critical, 9.0

2017-09-03 CVE-2017-14116 Use of Hard-coded Credentials vulnerability in ATT U-Verse Firmware 9.2.2H0D83
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG599 device, when IP Passthrough mode is not used, configures WAN access to a caserver https service with the tech account and an empty password, which allows remote attackers to obtain root privileges by establishing a session on port 49955 and then installing new software, such as BusyBox with "nc -l" support.
Risk: network, att arris CWE-798, critical, 9.3

2015-11-21 CVE-2015-7289 Credentials Management vulnerability in Arris NA Model 862 GW Mono Firmware
Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 have a hardcoded administrator password derived from a serial number, which makes it easier for remote attackers to obtain access via the web management interface, SSH, TELNET, or SNMP.
Risk: network, arris CWE-255, critical, 9.3

2014-12-18 CVE-2014-9406 Credentials Management vulnerability in Arris Touchstone Tg862G/Ct Firmware 7.6.59S.Ct
ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier has a default password of password for the admin account, which makes it easier for remote attackers to obtain access via a request to home_loggedout.php.
Risk: network, low complexity, arris CWE-255, critical, 10.0