Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
arris vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-25729
Arris SBG6580 devices have predictable default WPA2 security passwords that could lead to unauthorized remote access. (They use the first 6 characters of the SSID and the last 6 characters of the BSSID, decrementing the last octet.)
9.8
CVSSv3
CVE-2022-26999
Arris TR3300 v1.0.13 exists to contain a command injection vulnerability in the static ip settings function via the wan_ip_stat, wan_mask_stat, wan_gw_stat, and wan_dns1_stat parameters. This vulnerability allows malicious users to execute arbitrary commands via a crafted request...
Commscope Arris Tr3300 Firmware 1.0.13
9.8
CVSSv3
CVE-2022-27000
Arris TR3300 v1.0.13 exists to contain a command injection vulnerability in the time and time zone function via the h_primary_ntp_server, h_backup_ntp_server, and h_time_zone parameters. This vulnerability allows malicious users to execute arbitrary commands via a crafted request...
Commscope Arris Tr3300 Firmware 1.0.13
8.8
CVSSv3
CVE-2021-20120
The administration web interface for the Arris Surfboard SB8200 lacks any protections against cross-site request forgery attacks. This means that an attacker could make configuration changes (such as changing the administrative password) without the consent of the user.
Commscope Arris Surfboard Sb8200 Firmware Ab01.02.053.01 112320 193.0a.nsh
9.8
CVSSv3
CVE-2019-15805
CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/login.html. Any user connected to the Wi-Fi can expl...
Commscope Tr4400 Firmware
9.8
CVSSv3
CVE-2019-15806
CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/basic_sett.html. Any user connected to the Wi-Fi can...
Commscope Tr4400 Firmware
5.9
CVSSv3
CVE-2017-14117
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures an unauthenticated proxy service on WAN TCP port 49152, which allows remote malicious users to establish arbitrary TCP connections to intranet hosts ...
Att U-verse Firmware 9.2.2h0d83
6.5
CVSSv3
CVE-2017-9476
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_...
Cisco Dpc3939 Firmware Dpc3939-p20-18-v303r20421746-170221a-cmcst
Cisco Dpc3939 Firmware Dpc3939-p20-18-v303r20421733-160420a-cmcst
Commscope Arris Tg1682g Firmware 10.0.132.sip.pc20.ct
Commscope Arris Tg1682g Firmware Tg1682 2.2p7s2 Prod Sey
6 Github repositories
8.1
CVSSv3
CVE-2017-14116
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG599 device, when IP Passthrough mode is not used, configures WAN access to a caserver https service with the tech account and an empty password, which allows remote malicious users to obtain root privileges by establishing...
Att U-verse Firmware 9.2.2h0d83
8.1
CVSSv3
CVE-2017-14115
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures ssh-permanent-enable WAN SSH logins to the remotessh account with the 5SaP9I26 password, which allows remote malicious users to access a "Termin...
Att U-verse Firmware 9.2.2h0d83
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »