Vulnerabilities > Arris > Medium

DATE | CVE | VULNERABILITY TITLE | RISK

2022-12-13 | CVE-2022-45028 | Cross-site Scripting vulnerability in Arris Nvg443B Firmware 9.3.0H3D36 | 6.1
A cross-site scripting (XSS) vulnerability in Arris NVG443B 9.3.0h3d36 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request sent to /cgi-bin/logs.ha.
network, low complexity | arris | CWE-79

2018-12-23 | CVE-2018-20383 | Insufficiently Protected Credentials vulnerability in multiple products | 5.0
ARRIS DG950A 7.10.145 and DG950S 7.10.145.EURO devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
network, low complexity | commscope arris | CWE-522

2017-09-03 | CVE-2017-14117 | Improper Authentication vulnerability in ATT U-Verse Firmware 9.2.2H0D83 | 4.3
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures an unauthenticated proxy service on WAN TCP port 49152, which allows remote attackers to establish arbitrary TCP connections to intranet hosts by sending \x2a\xce\x01 followed by other predictable values.
network | att arris | CWE-287

2017-07-31 | CVE-2017-9490 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products | 6.8
The Comcast firmware on Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices allows configuration changes via CSRF.
network | cisco arris | CWE-352

2015-11-21 | CVE-2015-7291 | Cross-Site Request Forgery (CSRF) vulnerability in Arris NA Model 862 GW Mono Firmware | 6.8
Cross-site request forgery (CSRF) vulnerability in adv_pwd_cgi in the web management interface on Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 allows remote attackers to hijack the authentication of arbitrary users.
network | arris | CWE-352

2015-11-21 | CVE-2015-7290 | Cross-site Scripting vulnerability in Arris NA Model 862 GW Mono Firmware | 4.3
Cross-site scripting (XSS) vulnerability in adv_pwd_cgi in the web management interface on Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 allows remote attackers to inject arbitrary web script or HTML via the pwd parameter.
network | arris | CWE-79

2015-11-21 | CVE-2009-5149 | Credentials Management vulnerability in Arris NA Model 862 GW Mono Firmware | 4.3
Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 have predictable technician passwords, which makes it easier for remote attackers to obtain access via the web management interface, related to a "password of the day" issue.
network | arris | CWE-255

2014-12-17 | CVE-2014-5437 | Cross-Site Request Forgery (CSRF) vulnerability in Arris Touchstone Tg862G/Ct Firmware 7.6.59S.Ct | 6.8
Multiple cross-site request forgery (CSRF) vulnerabilities in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) enable remote management via a request to remote_management.php, (2) add a port forwarding rule via a request to port_forwarding_add.php, (3) change the wireless network to open via a request to wireless_network_configuration_edit.php, or (4) conduct cross-site scripting (XSS) attacks via the keyword parameter to managed_sites_add_keyword.php.
network | arris | CWE-352

2014-09-05 | CVE-2014-4863 | Information Exposure vulnerability in Arris Touchstone Dg950A and Touchstone Dg950A Software | 5.0
The Arris Touchstone DG950A cable modem with software 7.10.131 has an SNMP community of public, which allows remote attackers to obtain sensitive password, key, and SSID information via an SNMP request.
network, low complexity | arris | CWE-200