Vulnerabilities > Arris > Tg862A

DATE | CVE | VULNERABILITY TITLE | RISK

2015-11-21 | CVE-2015-7291 | Cross-Site Request Forgery (CSRF) vulnerability in Arris NA Model 862 GW Mono Firmware | 6.8
Cross-site request forgery (CSRF) vulnerability in adv_pwd_cgi in the web management interface on Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 allows remote attackers to hijack the authentication of arbitrary users.
network | arris | CWE-352

2015-11-21 | CVE-2015-7290 | Cross-site Scripting vulnerability in Arris NA Model 862 GW Mono Firmware | 4.3
Cross-site scripting (XSS) vulnerability in adv_pwd_cgi in the web management interface on Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 allows remote attackers to inject arbitrary web script or HTML via the pwd parameter.
network | arris | CWE-79

2015-11-21 | CVE-2015-7289 | Credentials Management vulnerability in Arris NA Model 862 GW Mono Firmware | critical 9.3
Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 have a hardcoded administrator password derived from a serial number, which makes it easier for remote attackers to obtain access via the web management interface, SSH, TELNET, or SNMP.
network | arris | CWE-255

2015-11-21 | CVE-2009-5149 | Credentials Management vulnerability in Arris NA Model 862 GW Mono Firmware | 4.3
Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 have predictable technician passwords, which makes it easier for remote attackers to obtain access via the web management interface, related to a "password of the day" issue.
network | arris | CWE-255