9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.7 High
AI Score
Confidence
Low
0.014 Low
EPSS
Percentile
86.3%
Multiple serious vulnerabilities have been found in ARRIS cable modems. Malicious users can exploit these vulnerabilities to gain privileges or inject arbitrary code.
Below is a complete list of vulnerabilities:
Technical details
Vulnerabilities (2, 3) related to adv_pwd_cgi.
Vulnerability (4) caused by hardcoded administrators password derived from serial number.
CVE-2015-7291 high
CVE-2015-7290 warning
CVE-2009-5149 warning
CVE-2015-7289 critical
Try to avoid using this accessory in accountable issues.
Code injection. Exploitation of vulnerabilities with this impact can lead to changes in target code.
Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.