Vendor
Arris
Products
7
CVEs
13
Across products
31
Status
Private
Products
7- 20 CVEs
- 3 CVEs
- 3 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
13| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-9490 | Hig | 0.57 | 8.8 | 0.00 | Jul 31, 2017 | The Comcast firmware on Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices allows configuration changes via CSRF. | |
| CVE-2014-8424 | 0.07 | — | 0.54 | Nov 28, 2014 | ARRIS VAP2500 before FW08.41 does not properly validate passwords, which allows remote attackers to bypass authentication. | ||
| CVE-2014-8423 | 0.06 | — | 0.42 | Nov 28, 2014 | Unspecified vulnerability in the management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to execute arbitrary commands via unknown vectors. | ||
| CVE-2014-4863 | 0.05 | — | 0.24 | Sep 5, 2014 | The Arris Touchstone DG950A cable modem with software 7.10.131 has an SNMP community of public, which allows remote attackers to obtain sensitive password, key, and SSID information via an SNMP request. | ||
| CVE-2014-8425 | 0.04 | — | 0.12 | Nov 28, 2014 | The management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to obtain credentials by reading the configuration files. | ||
| CVE-2015-7291 | 0.00 | — | 0.00 | Nov 21, 2015 | Cross-site request forgery (CSRF) vulnerability in adv_pwd_cgi in the web management interface on Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 allows remote attackers to hijack the authentication of arbitrary users. | ||
| CVE-2015-7290 | 0.00 | — | 0.01 | Nov 21, 2015 | Cross-site scripting (XSS) vulnerability in adv_pwd_cgi in the web management interface on Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 allows remote attackers to inject arbitrary web script or HTML via the pwd parameter. | ||
| CVE-2015-7289 | 0.00 | — | 0.01 | Nov 21, 2015 | Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 have a hardcoded administrator password derived from a serial number, which makes it easier for remote attackers to obtain access via the web management interface, SSH, TELNET, or SNMP. | ||
| CVE-2009-5149 | 0.00 | — | 0.01 | Nov 21, 2015 | Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 have predictable technician passwords, which makes it easier for remote attackers to obtain access via the web management interface, related to a "password of the day" issue. | ||
| CVE-2014-9406 | 0.00 | — | 0.02 | Dec 18, 2014 | ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier has a default password of password for the admin account, which makes it easier for remote attackers to obtain access via a request to home_loggedout.php. | ||
| CVE-2014-5438 | 0.00 | — | 0.00 | Dec 17, 2014 | Cross-site scripting (XSS) vulnerability in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allows remote authenticated users to inject arbitrary web script or HTML via the computer_name parameter to connected_devices_computers_edit.php. | ||
| CVE-2014-5437 | 0.00 | — | 0.00 | Dec 17, 2014 | Multiple cross-site request forgery (CSRF) vulnerabilities in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) enable remote management via a request to remote_management.php, (2) add a port forwarding rule via a request to port_forwarding_add.php, (3) change the wireless network to open via a request to wireless_network_configuration_edit.php, or (4) conduct cross-site scripting (XSS) attacks via the keyword parameter to managed_sites_add_keyword.php. | ||
| CVE-2007-2796 | 0.00 | — | 0.02 | Jun 12, 2007 | Arris Cadant C3 CMTS allows remote attackers to cause a denial of service (service termination) via a malformed IP packet with an invalid IP option. |