Vulnerabilities > Arris > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-09-11 CVE-2023-40039 Unspecified vulnerability in Arris Tg1672G Firmware, Tg852G Firmware and Tg862G Firmware
An issue was discovered on ARRIS TG852G, TG862G, and TG1672G devices.
network
low complexity
arris
critical
9.8
2022-03-15 CVE-2022-26990 OS Command Injection vulnerability in Arris products
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the firewall-local log function via the EmailAddress, SmtpServerName, SmtpUsername, and SmtpPassword parameters.
network
low complexity
arris CWE-78
critical
9.8
2022-03-15 CVE-2022-26991 OS Command Injection vulnerability in Arris products
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the ntp function via the TimeZone parameter.
network
low complexity
arris CWE-78
critical
9.8
2022-03-15 CVE-2022-26992 OS Command Injection vulnerability in Arris products
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the ddns function via the DdnsUserName, DdnsHostName, and DdnsPassword parameters.
network
low complexity
arris CWE-78
critical
9.8
2022-03-15 CVE-2022-26993 OS Command Injection vulnerability in Arris products
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the pppoe function via the pppoeUserName, pppoePassword, and pppoe_Service parameters.
network
low complexity
arris CWE-78
critical
9.8
2022-03-15 CVE-2022-26994 OS Command Injection vulnerability in Arris products
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the pptp function via the pptpUserName and pptpPassword parameters.
network
low complexity
arris CWE-78
critical
9.8
2018-12-23 CVE-2018-20383 Insufficiently Protected Credentials vulnerability in multiple products
ARRIS DG950A 7.10.145 and DG950S 7.10.145.EURO devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
network
low complexity
commscope arris CWE-522
critical
9.8