Vulnerabilities > Commscope > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-04-15 CVE-2023-27571 Missing Authentication for Critical Function vulnerability in Commscope Dg3450 Firmware Ar01.02.056.18041520711.Ncs.10
An issue was discovered in DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10.
network
low complexity
commscope CWE-306
5.3
2023-04-15 CVE-2023-27572 Cross-site Scripting vulnerability in Commscope Dg3450 Firmware Ar01.02.056.18041520711.Ncs.10
An issue was discovered in CommScope Arris DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10.
network
low complexity
commscope CWE-79
6.1
2021-07-07 CVE-2021-33215 Path Traversal vulnerability in Commscope Ruckus IOT Controller 1.7.1.0
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier.
network
low complexity
commscope CWE-22
4.3
2020-05-05 CVE-2020-8033 Cross-site Scripting vulnerability in Commscope Ruckus Zoneflex R500 Firmware 3.4.2.0.384
Ruckus R500 3.4.2.0.384 devices allow XSS via the index.asp Device Name field.
network
low complexity
commscope CWE-79
6.1
2018-05-14 CVE-2018-10989 Insecure Default Initialization of Resource vulnerability in Commscope Arris Tg1682G Firmware 9.1.103J6
Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices are distributed by some ISPs with a default password of "password" for the admin account that is used over an unencrypted http://192.168.0.1 connection, which might allow remote attackers to bypass intended access restrictions by leveraging access to the local network.
network
high complexity
commscope CWE-1188
6.6
2017-11-16 CVE-2017-16836 Cross-site Scripting vulnerability in Commscope Arris Tg1682G Firmware 10.0.59.Sip.Pc20.Ct
Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse 10.0.59.SIP.PC20.CT software allow Unauthenticated Stored XSS via the actionHandler/ajax_managed_services.php service parameter.
network
low complexity
commscope CWE-79
6.1
2017-07-31 CVE-2017-9491 Information Exposure vulnerability in multiple products
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware version DPC3941_2.5s3_PROD_sey); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices does not set the secure flag for cookies in an https session to an administration application, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session.
network
low complexity
cisco commscope CWE-200
5.3
2017-07-31 CVE-2017-9476 Information Exposure vulnerability in multiple products
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices makes it easy for remote attackers to determine the hidden SSID and passphrase for a Home Security Wi-Fi network.
low complexity
cisco commscope CWE-200
6.5