Vulnerabilities > Arris > High

DATE CVE VULNERABILITY TITLE RISK
2023-12-27 CVE-2023-40038 Improper Authentication vulnerability in Arris Dg1670A Firmware and Dg860A Firmware
Arris DG860A and DG1670A devices have predictable default WPA2 PSKs that could lead to unauthorized remote access.
low complexity
arris CWE-287
8.8
2022-08-04 CVE-2022-31793 Path Traversal vulnerability in multiple products
do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem.
network
low complexity
inglorion arris CWE-22
7.5
2020-01-29 CVE-2020-8438 OS Command Injection vulnerability in Arris Ruckus Zoneflex R500 Firmware 104.0.0.0.1347
Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated attacker to execute arbitrary OS commands via the hidden /forms/nslookupHandler form, as demonstrated by the nslookuptarget=|cat${IFS} substring.
network
low complexity
arris CWE-78
7.2
2017-07-31 CVE-2017-9490 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
The Comcast firmware on Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices allows configuration changes via CSRF.
network
low complexity
cisco arris CWE-352
8.8