Vulnerabilities > Arris > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-27 | CVE-2023-40038 | Improper Authentication vulnerability in Arris Dg1670A Firmware and Dg860A Firmware Arris DG860A and DG1670A devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. | 8.8 |
| 2022-08-04 | CVE-2022-31793 | Path Traversal vulnerability in multiple products do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. | 7.5 |
| 2020-01-29 | CVE-2020-8438 | OS Command Injection vulnerability in Arris Ruckus Zoneflex R500 Firmware 104.0.0.0.1347 Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated attacker to execute arbitrary OS commands via the hidden /forms/nslookupHandler form, as demonstrated by the nslookuptarget=|cat${IFS} substring. | 7.2 |
| 2017-07-31 | CVE-2017-9490 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products The Comcast firmware on Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices allows configuration changes via CSRF. | 8.8 |