KLA10704 Multiple vulnerabilities in ARRIS cable modems.

Multiple serious vulnerabilities have been found in ARRIS cable modems. Malicious users can exploit these vulnerabilities to gain privileges or inject arbitrary code.

Below is a complete list of vulnerabilities:

1. Predictable technician password can be exploited remotely to gain technician privileges;
2. Unknown vulnerability at web management interface can be exploited remotely to gain arbitrary user privileges;
3. Unknown vulnerability at web management initerface can be exploited remotely via a specially designed pwd parameter to inject arbitrary script or HTML;
4. Hardcoded administrator password can be exploited remotely from vectors related to web management interface, SSH, TELNET, SNMP to gain administrator privileges.

Technical details

Vulnerabilities (2, 3) related to adv_pwd_cgi.

Vulnerability (4) caused by hardcoded administrators password derived from serial number.

Original advisories

Vulnerability Notes Database

Related products

Multiple-devices

CVE list

CVE-2015-7291 high

CVE-2015-7290 warning

CVE-2009-5149 warning

CVE-2015-7289 critical

Solution

Try to avoid using this accessory in accountable issues.

Impacts

• CI

Code injection. Exploitation of vulnerabilities with this impact can lead to changes in target code.

• PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

• Arris devices DG860A, TG862A, and TG862G with firmware versions from TS0703128_100611 through TS0705125D_031115