VYPR

Touchstone TG862G/CT Telephony Gateway

by Arris

CVEs (4)

  • CVE-2018-10990HigMay 14, 2018
    risk 0.52cvss 8.0epss 0.01

    On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a logout action does not immediately destroy all state on the device related to the validity of the "credential" cookie, which might make it easier for attackers to obtain access at a later time (e.g., "at least…

  • CVE-2018-10989MedMay 14, 2018
    risk 0.43cvss 6.6epss 0.01

    Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices are distributed by some ISPs with a default password of "password" for the admin account that is used over an unencrypted http://192.168.0.1 connection, which might allow remote attackers to bypass intended access…

  • CVE-2014-5438Dec 17, 2014
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allows remote authenticated users to inject arbitrary web script or HTML via the computer_name parameter to connected_devices_computers_edit.php.

  • CVE-2014-5437Dec 17, 2014
    risk 0.00cvss epss 0.01

    Multiple cross-site request forgery (CSRF) vulnerabilities in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) enable remote management via a request to…