Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
arris vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-26999
Arris TR3300 v1.0.13 exists to contain a command injection vulnerability in the static ip settings function via the wan_ip_stat, wan_mask_stat, wan_gw_stat, and wan_dns1_stat parameters. This vulnerability allows malicious users to execute arbitrary commands via a crafted request...
Commscope Arris Tr3300 Firmware 1.0.13
NA
CVE-2024-25729
Arris SBG6580 devices have predictable default WPA2 security passwords that could lead to unauthorized remote access. (They use the first 6 characters of the SSID and the last 6 characters of the BSSID, decrementing the last octet.)
9.8
CVSSv3
CVE-2022-27000
Arris TR3300 v1.0.13 exists to contain a command injection vulnerability in the time and time zone function via the h_primary_ntp_server, h_backup_ntp_server, and h_time_zone parameters. This vulnerability allows malicious users to execute arbitrary commands via a crafted request...
Commscope Arris Tr3300 Firmware 1.0.13
8.8
CVSSv3
CVE-2021-20120
The administration web interface for the Arris Surfboard SB8200 lacks any protections against cross-site request forgery attacks. This means that an attacker could make configuration changes (such as changing the administrative password) without the consent of the user.
Commscope Arris Surfboard Sb8200 Firmware Ab01.02.053.01 112320 193.0a.nsh
9.8
CVSSv3
CVE-2019-15806
CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/basic_sett.html. Any user connected to the Wi-Fi can...
Commscope Tr4400 Firmware
9.8
CVSSv3
CVE-2019-15805
CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/login.html. Any user connected to the Wi-Fi can expl...
Commscope Tr4400 Firmware
5.9
CVSSv3
CVE-2017-14117
The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures an unauthenticated proxy service on WAN TCP port 49152, which allows remote malicious users to establish arbitrary TCP connections to intranet hosts ...
Att U-verse Firmware 9.2.2h0d83
6.5
CVSSv3
CVE-2017-9476
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_...
Cisco Dpc3939 Firmware Dpc3939-p20-18-v303r20421746-170221a-cmcst
Cisco Dpc3939 Firmware Dpc3939-p20-18-v303r20421733-160420a-cmcst
Commscope Arris Tg1682g Firmware 10.0.132.sip.pc20.ct
Commscope Arris Tg1682g Firmware Tg1682 2.2p7s2 Prod Sey
6 Github repositories
NA
CVE-2024-5195
A vulnerability was found in Arris VAP2500 08.50. It has been rated as critical. Affected by this issue is some unknown functionality of the file /diag_s.php. The manipulation of the argument customer_info leads to command injection. The attack may be launched remotely. The explo...
NA
CVE-2024-5194
A vulnerability was found in Arris VAP2500 08.50. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /assoc_table.php. The manipulation of the argument id leads to command injection. The attack can be launched remotely. The ex...
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
command injection
CVE-2021-47511
CVE-2024-26238
CVE-2024-4858
CVE-2024-21305
XXE
CVE-2021-47555
CVE-2021-47526
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »