Vulnerabilities > Commscope > Arris Tg1682G Firmware > 9.1.103j6
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-14 | CVE-2018-10990 | Insufficient Session Expiration vulnerability in Commscope Arris Tg1682G Firmware 9.1.103J6 On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a logout action does not immediately destroy all state on the device related to the validity of the "credential" cookie, which might make it easier for attackers to obtain access at a later time (e.g., "at least for a few minutes"). | 8.0 |
| 2018-05-14 | CVE-2018-10989 | Insecure Default Initialization of Resource vulnerability in Commscope Arris Tg1682G Firmware 9.1.103J6 Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices are distributed by some ISPs with a default password of "password" for the admin account that is used over an unencrypted http://192.168.0.1 connection, which might allow remote attackers to bypass intended access restrictions by leveraging access to the local network. | 6.6 |