CVE-2015-7289

2015-11-2111:59:16

CWE-255

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

Confidence

Low

EPSS

0.004

Percentile

75.1%

JSON

Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 have a hardcoded administrator password derived from a serial number, which makes it easier for remote attackers to obtain access via the web management interface, SSH, TELNET, or SNMP.

Affected configurations

Nvd

Node

arrisna_model_862_gw_mono_firmwareMatchts070593c_073013

arrisna_model_862_gw_mono_firmwareMatchts0703128_100611

arrisna_model_862_gw_mono_firmwareMatchts0703135_112211

arrisna_model_862_gw_mono_firmwareMatchts0705125_062314

arrisna_model_862_gw_mono_firmwareMatchts0705125d_031115

AND

arrisdg860a

arristg862a

arristg862g

VendorProductVersionCPE
arrisna_model_862_gw_mono_firmwarets070593c_073013cpe:2.3:o:arris:na_model_862_gw_mono_firmware:ts070593c_073013:*:*:*:*:*:*:*
arrisna_model_862_gw_mono_firmwarets0703128_100611cpe:2.3:o:arris:na_model_862_gw_mono_firmware:ts0703128_100611:*:*:*:*:*:*:*
arrisna_model_862_gw_mono_firmwarets0703135_112211cpe:2.3:o:arris:na_model_862_gw_mono_firmware:ts0703135_112211:*:*:*:*:*:*:*
arrisna_model_862_gw_mono_firmwarets0705125_062314cpe:2.3:o:arris:na_model_862_gw_mono_firmware:ts0705125_062314:*:*:*:*:*:*:*
arrisna_model_862_gw_mono_firmwarets0705125d_031115cpe:2.3:o:arris:na_model_862_gw_mono_firmware:ts0705125d_031115:*:*:*:*:*:*:*
arrisdg860a*cpe:2.3:h:arris:dg860a:*:*:*:*:*:*:*:*
arristg862a*cpe:2.3:h:arris:tg862a:*:*:*:*:*:*:*:*
arristg862g*cpe:2.3:h:arris:tg862g:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
arris	na_model_862_gw_mono_firmware	ts070593c_073013	cpe:2.3:o:arris:na_model_862_gw_mono_firmware:ts070593c_073013:::::::*
arris	na_model_862_gw_mono_firmware	ts0703128_100611	cpe:2.3:o:arris:na_model_862_gw_mono_firmware:ts0703128_100611:::::::*
arris	na_model_862_gw_mono_firmware	ts0703135_112211	cpe:2.3:o:arris:na_model_862_gw_mono_firmware:ts0703135_112211:::::::*
arris	na_model_862_gw_mono_firmware	ts0705125_062314	cpe:2.3:o:arris:na_model_862_gw_mono_firmware:ts0705125_062314:::::::*
arris	na_model_862_gw_mono_firmware	ts0705125d_031115	cpe:2.3:o:arris:na_model_862_gw_mono_firmware:ts0705125d_031115:::::::*
arris	dg860a	*	cpe:2.3:h:arris:dg860a::::::::
arris	tg862a	*	cpe:2.3:h:arris:tg862a::::::::
arris	tg862g	*	cpe:2.3:h:arris:tg862g::::::::