Vulnerabilities > Commscope > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-23 | CVE-2018-20386 | Insufficiently Protected Credentials vulnerability in Commscope Arris Sbg6580-2 Firmware D30Gwseaeagle1.5.2.5Ga00Nosh ARRIS SBG6580-2 D30GW-SEAEAGLE-1.5.2.5-GA-00-NOSH devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | 5.0 |
| 2018-12-23 | CVE-2018-20383 | Insufficiently Protected Credentials vulnerability in multiple products ARRIS DG950A 7.10.145 and DG950S 7.10.145.EURO devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | 5.0 |
| 2018-09-26 | CVE-2018-17555 | Information Exposure vulnerability in Commscope Arris Tg2492Lg-Na Firmware 061213 The web component on ARRIS TG2492LG-NA 061213 devices allows remote attackers to obtain sensitive information via the /snmpGet oids parameter. | 5.0 |
| 2018-05-14 | CVE-2018-10989 | Insecure Default Initialization of Resource vulnerability in Commscope Arris Tg1682G Firmware 9.1.103J6 Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices are distributed by some ISPs with a default password of "password" for the admin account that is used over an unencrypted http://192.168.0.1 connection, which might allow remote attackers to bypass intended access restrictions by leveraging access to the local network. | 6.6 |
| 2017-11-16 | CVE-2017-16836 | Cross-site Scripting vulnerability in Commscope Arris Tg1682G Firmware 10.0.59.Sip.Pc20.Ct Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse 10.0.59.SIP.PC20.CT software allow Unauthenticated Stored XSS via the actionHandler/ajax_managed_services.php service parameter. | 4.3 |
| 2017-07-31 | CVE-2017-9492 | Information Exposure vulnerability in multiple products The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware version DPC3941_2.5s3_PROD_sey); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices does not include the HTTPOnly flag in a Set-Cookie header for administration applications, which makes it easier for remote attackers to obtain potentially sensitive information via script access to cookies. | 5.0 |
| 2017-07-31 | CVE-2017-9491 | Information Exposure vulnerability in multiple products The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware version DPC3941_2.5s3_PROD_sey); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices does not set the secure flag for cookies in an https session to an administration application, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session. | 5.0 |
| 2017-07-31 | CVE-2017-9489 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products The Comcast firmware on Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST) devices allows configuration changes via CSRF. | 6.8 |
| 2014-06-19 | CVE-2014-3778 | Cross-Site Request Forgery (CSRF) vulnerability in Commscope Arris Sbg901 Multiple cross-site request forgery (CSRF) vulnerabilities in goform/RgDdns in ARRIS (formerly Motorola) SBG901 SURFboard Wireless Cable Modem allow remote attackers to hijack the authentication of administrators for requests that (1) change the dns service via the DdnsService parameter, (2) change the username via the DdnsUserName parameter, (3) change the password via the DdnsPassword parameter, or (4) change the host name via the DdnsHostName parameter. | 6.8 |