Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
arris vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2022-31793
do_request in request.c in muhttpd prior to 1.1.7 allows remote malicious users to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG...
Inglorion Muhttpd
Arris Nvg443 Firmware -
Arris Nvg599 Firmware -
Arris Nvg589 Firmware -
Arris Nvg510 Firmware -
Arris Bgw210 Firmware -
Arris Bgw320 Firmware -
2 Github repositories
NA
CVE-2015-7289
Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 have a hardcoded administrator password derived from a serial number, which makes it easier for remote malicious users to obtain access via the web management interface, SSH, TELNET,...
Arris Na Model 862 Gw Mono Firmware Ts0703128 100611
Arris Na Model 862 Gw Mono Firmware Ts0703135 112211
Arris Na Model 862 Gw Mono Firmware Ts0705125d 031115
Arris Na Model 862 Gw Mono Firmware Ts070593c 073013
Arris Na Model 862 Gw Mono Firmware Ts0705125 062314
NA
CVE-2015-7290
Cross-site scripting (XSS) vulnerability in adv_pwd_cgi in the web management interface on Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 allows remote malicious users to inject arbitrary web script or HTML via the pwd parameter.
Arris Na Model 862 Gw Mono Firmware Ts0705125d 031115
Arris Na Model 862 Gw Mono Firmware Ts0705125 062314
Arris Na Model 862 Gw Mono Firmware Ts070593c 073013
Arris Na Model 862 Gw Mono Firmware Ts0703128 100611
Arris Na Model 862 Gw Mono Firmware Ts0703135 112211
NA
CVE-2015-7291
Cross-site request forgery (CSRF) vulnerability in adv_pwd_cgi in the web management interface on Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 allows remote malicious users to hijack the authentication of arbitrary users.
Arris Na Model 862 Gw Mono Firmware Ts0703135 112211
Arris Na Model 862 Gw Mono Firmware Ts0705125 062314
Arris Na Model 862 Gw Mono Firmware Ts0703128 100611
Arris Na Model 862 Gw Mono Firmware Ts0705125d 031115
Arris Na Model 862 Gw Mono Firmware Ts070593c 073013
NA
CVE-2009-5149
Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 have predictable technician passwords, which makes it easier for remote malicious users to obtain access via the web management interface, related to a "password of the day"...
Arris Na Model 862 Gw Mono Firmware Ts0705125d 031115
Arris Na Model 862 Gw Mono Firmware Ts070593c 073013
Arris Na Model 862 Gw Mono Firmware Ts0703135 112211
Arris Na Model 862 Gw Mono Firmware Ts0705125 062314
Arris Na Model 862 Gw Mono Firmware Ts0703128 100611
9.8
CVSSv3
CVE-2023-40039
An issue exists on ARRIS TG852G, TG862G, and TG1672G devices. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame.
Arris Tg852g Firmware -
Arris Tg862g Firmware -
Arris Tg1672g Firmware -
NA
CVE-2014-4863
The Arris Touchstone DG950A cable modem with software 7.10.131 has an SNMP community of public, which allows remote malicious users to obtain sensitive password, key, and SSID information via an SNMP request.
Arris Touchstone Dg950a Software 7.10.131
Arris Touchstone Dg950a -
8.8
CVSSv3
CVE-2023-40038
Arris DG860A and DG1670A devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. (They use the first 6 characters of the SSID and the last 6 characters of the BSSID, decrementing the last digit.)
Arris Dg860a Firmware -
Arris Dg1670a Firmware Ts0901203b6 020420 16xx.gw Pc20 Tw
9.8
CVSSv3
CVE-2022-26993
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the pppoe function via the pppoeUserName, pppoePassword, and pppoe_Service parameters. This vulnerability allows malicious users to...
Arris Sbr-ac1900p Firmware 1.0.7-b05
Arris Sbr-ac3200p Firmware 1.0.7-b05
Arris Sbr-ac1200p Firmware 1.0.5-b05
9.8
CVSSv3
CVE-2022-26994
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the pptp function via the pptpUserName and pptpPassword parameters. This vulnerability allows malicious users to execute arbitrary ...
Arris Sbr-ac1900p Firmware 1.0.7-b05
Arris Sbr-ac3200p Firmware 1.0.7-b05
Arris Sbr-ac1200p Firmware 1.0.5-b05
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »