Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
arris vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-5438
Cross-site scripting (XSS) vulnerability in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and previous versions allows remote authenticated users to inject arbitrary web script or HTML via the computer_name parameter to connected_devices_computers_edit.php...
Arris Touchstone Tg862g\\/ct Firmware
7.2
CVSSv3
CVE-2020-8438
Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated malicious user to execute arbitrary OS commands via the hidden /forms/nslookupHandler form, as demonstrated by the nslookuptarget=|cat${IFS} substring.
Arris Ruckus Zoneflex R500 Firmware 104.0.0.0.1347
NA
CVE-2014-9406
ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and previous versions has a default password of password for the admin account, which makes it easier for remote malicious users to obtain access via a request to home_loggedout.php.
Arris Touchstone Tg862g\\/ct Firmware 7.6.59s.ct
NA
CVE-2007-2796
Arris Cadant C3 CMTS allows remote malicious users to cause a denial of service (service termination) via a malformed IP packet with an invalid IP option.
Arris Cadant C3 Cmts
9.8
CVSSv3
CVE-2018-20383
ARRIS DG950A 7.10.145 and DG950S 7.10.145.EURO devices allow remote malicious users to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
Commscope Arris Dg950a Firmware 7.10.145
Arris Dg950s Firmware 7.10.145.euro
6.1
CVSSv3
CVE-2017-16836
Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse 10.0.59.SIP.PC20.CT software allow Unauthenticated Stored XSS via the actionHandler/ajax_managed_services.php service parameter.
Commscope Arris Tg1682g Firmware 10.0.59.sip.pc20.ct
1 EDB exploit
8.8
CVSSv3
CVE-2022-45701
Arris TG2482A firmware up to and including 9.1.103GEM9 allow Remote Code Execution (RCE) via the ping utility feature.
Commscope Arris Tg2482a Firmware
Commscope Arris Tg2492 Firmware
Commscope Arris Sbg10 Firmware
1 Github repository
5.3
CVSSv3
CVE-2023-27571
An issue exists in DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10. The troubleshooting_logs_download.php log file download functionality does not check the session cookie. Thus, an attacker can download all log files.
Commscope Dg3450 Firmware Ar01.02.056.18 041520 711.ncs.10
6.1
CVSSv3
CVE-2023-27572
An issue exists in CommScope Arris DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10. A reflected XSS vulnerability exists in the https_redirect.php web page via the page parameter.
Commscope Dg3450 Firmware Ar01.02.056.18 041520 711.ncs.10
7.5
CVSSv3
CVE-2018-17555
The web component on ARRIS TG2492LG-NA 061213 devices allows remote malicious users to obtain sensitive information via the /snmpGet oids parameter.
Commscope Arris Tg2492lg-na Firmware 061213
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »