Vulnerabilities > Arris > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-13 | CVE-2022-45028 | Cross-site Scripting vulnerability in Arris Nvg443B Firmware 9.3.0H3D36 A cross-site scripting (XSS) vulnerability in Arris NVG443B 9.3.0h3d36 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request sent to /cgi-bin/logs.ha. | 6.1 |
| 2018-12-23 | CVE-2018-20383 | Insufficiently Protected Credentials vulnerability in multiple products ARRIS DG950A 7.10.145 and DG950S 7.10.145.EURO devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | 5.0 |
| 2017-09-03 | CVE-2017-14117 | Improper Authentication vulnerability in ATT U-Verse Firmware 9.2.2H0D83 The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures an unauthenticated proxy service on WAN TCP port 49152, which allows remote attackers to establish arbitrary TCP connections to intranet hosts by sending \x2a\xce\x01 followed by other predictable values. | 4.3 |
| 2017-07-31 | CVE-2017-9490 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products The Comcast firmware on Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices allows configuration changes via CSRF. | 6.8 |
| 2015-11-21 | CVE-2015-7291 | Cross-Site Request Forgery (CSRF) vulnerability in Arris NA Model 862 GW Mono Firmware Cross-site request forgery (CSRF) vulnerability in adv_pwd_cgi in the web management interface on Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 allows remote attackers to hijack the authentication of arbitrary users. | 6.8 |
| 2015-11-21 | CVE-2015-7290 | Cross-site Scripting vulnerability in Arris NA Model 862 GW Mono Firmware Cross-site scripting (XSS) vulnerability in adv_pwd_cgi in the web management interface on Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 allows remote attackers to inject arbitrary web script or HTML via the pwd parameter. | 4.3 |
| 2015-11-21 | CVE-2009-5149 | Credentials Management vulnerability in Arris NA Model 862 GW Mono Firmware Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 have predictable technician passwords, which makes it easier for remote attackers to obtain access via the web management interface, related to a "password of the day" issue. | 4.3 |
| 2014-12-17 | CVE-2014-5437 | Cross-Site Request Forgery (CSRF) vulnerability in Arris Touchstone Tg862G/Ct Firmware 7.6.59S.Ct Multiple cross-site request forgery (CSRF) vulnerabilities in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) enable remote management via a request to remote_management.php, (2) add a port forwarding rule via a request to port_forwarding_add.php, (3) change the wireless network to open via a request to wireless_network_configuration_edit.php, or (4) conduct cross-site scripting (XSS) attacks via the keyword parameter to managed_sites_add_keyword.php. | 6.8 |
| 2014-09-05 | CVE-2014-4863 | Information Exposure vulnerability in Arris Touchstone Dg950A and Touchstone Dg950A Software The Arris Touchstone DG950A cable modem with software 7.10.131 has an SNMP community of public, which allows remote attackers to obtain sensitive password, key, and SSID information via an SNMP request. | 5.0 |