Lucene search
HistoryNov 21, 2015 - 11:59 a.m.
CVE-2015-7291
cve-2015-7291
csrf
vulnerability
web management
arris
firmware
remote attackers
authentication
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.7 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
46.7%
Cross-site request forgery (CSRF) vulnerability in adv_pwd_cgi in the web management interface on Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 allows remote attackers to hijack the authentication of arbitrary users.
Affected configurations
Node
arrisna_model_862_gw_mono_firmwareMatchts070593c_073013
ORarrisna_model_862_gw_mono_firmwareMatchts0703128_100611
ORarrisna_model_862_gw_mono_firmwareMatchts0703135_112211
ORarrisna_model_862_gw_mono_firmwareMatchts0705125_062314
ORarrisna_model_862_gw_mono_firmwareMatchts0705125d_031115
arrisdg860a
ORarristg862a
ORarristg862g
References
Related
nvd
nvd
CVE-2015-7291
2015-11-21 11:59:19
cvelist
cvelist
CVE-2015-7291
2015-11-21 11:00:00
prion
prion
Cross site request forgery (csrf)
2015-11-21 11:59:00
kaspersky
kaspersky
KLA10704 Multiple vulnerabilities in ARRIS cable modems.
2015-12-03 00:00:00
cert
cert
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.7 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
46.7%
Related for CVE-2015-7291