Vulnerabilities > Commscope > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-26 | CVE-2018-17555 | Information Exposure vulnerability in Commscope Arris Tg2492Lg-Na Firmware 061213 The web component on ARRIS TG2492LG-NA 061213 devices allows remote attackers to obtain sensitive information via the /snmpGet oids parameter. | 7.5 |
| 2018-05-14 | CVE-2018-10990 | Insufficient Session Expiration vulnerability in Commscope Arris Tg1682G Firmware 9.1.103J6 On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a logout action does not immediately destroy all state on the device related to the validity of the "credential" cookie, which might make it easier for attackers to obtain access at a later time (e.g., "at least for a few minutes"). | 8.0 |
| 2017-07-31 | CVE-2017-9492 | Information Exposure vulnerability in multiple products The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware version DPC3941_2.5s3_PROD_sey); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices does not include the HTTPOnly flag in a Set-Cookie header for administration applications, which makes it easier for remote attackers to obtain potentially sensitive information via script access to cookies. | 7.5 |
| 2017-07-31 | CVE-2017-9489 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products The Comcast firmware on Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST) devices allows configuration changes via CSRF. | 8.8 |