21 matches found
EUVD-2014-5326
Malware in sbrugna...
EUVD-2018-3040
Malware in sbrugna...
EUVD-2014-9227
Malware in sbrugna...
Arris Touchstone TG1672 Credential Disclosure
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ================================================================================ Title: Arris Touchstone TG1672 Administrative Login Vulnerabilities Product: Arris Touchstone TG1672 Version: TS0901103AS09221616XX.GWSIP most likely other versions...
Default credentials
Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices are distributed by some ISPs with a default password of "password" for the admin account that is used over an unencrypted http://192.168.0.1 connection, which might allow remote attackers to bypass intended access restrictions by...
Design/Logic Flaw
On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a logout action does not immediately destroy all state on the device related to the validity of the "credential" cookie, which might make it easier for attackers to obtain access at a later time e.g., "at least for a few minutes"...
CVE-2018-10989
Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices are distributed by some ISPs with a default password of "password" for the admin account that is used over an unencrypted http://192.168.0.1 connection, which might allow remote attackers to bypass intended access restrictions by...
ARRIS Touchstone TG862G/CT Telephony Gateway Security Mechanism Bypass Vulnerability
The ARRIS Touchstone TG862G/CT Telephony Gateway is an all-in-one Modem modem router from the Arris Group of Companies. A security mechanism bypass vulnerability exists in ARRIS Touchstone TG862G/CT Telephony Gateway 7.6.59S.CT that allows remote attackers to obtain the default password for acces...
CVE-2014-9406
ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier has a default password of password for the admin account, which makes it easier for remote attackers to obtain access via a request to homeloggedout.php...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allow remote attackers to hijack the authentication of administrators for requests that 1 enable remote management via a request to remotemanagement.php, 2...
CVE-2014-5437
Multiple cross-site request forgery CSRF vulnerabilities in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allow remote attackers to hijack the authentication of administrators for requests that 1 enable remote management via a request to remotemanagement.php, 2...
Cross site scripting
Cross-site scripting XSS vulnerability in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allows remote authenticated users to inject arbitrary web script or HTML via the computername parameter to connecteddevicescomputersedit.php...
CVE-2014-5437
CVE-2014-5437 affects Arris Touchstone TG862G/CT Telephony Gateway (firmware 7.6.59S.CT and earlier). Reported CSRF vulnerabilities allow remote attackers to hijack administrator authentication to perform admin actions via requests to remote_management.php (enable remote management), port_forward...
CVE-2014-5438
CVE-2014-5438 affects ARRIS Touchstone TG862G/CT Telephony Gateway (firmware 7.6.59S.CT and earlier). The vulnerability is a cross-site scripting (XSS) flaw in connected_devices_computers_edit.php, exploitable via the computer_name parameter. Post-authentication remote vectors are demonstrated wi...
CVE-2014-5438
Cross-site scripting XSS vulnerability in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allows remote authenticated users to inject arbitrary web script or HTML via the computername parameter to connecteddevicescomputersedit.php...
Arris Touchstone TG862G/CT Cross Site Request Forgery
----------- Vendor: ----------- Arris Interactive, LLC http://www.arrisi.com/ ISP: Comcast Xfinity ----------------------------------------- Affected Products/Versions: ----------------------------------------- HW: Arris Touchstone TG862G/CT Xfinity branded SW: Version 7.6.59S.CT Tested...
ARRIS Touchstone DG950A SNMP Information Disclosure (CVE-2014-4863)
It is possible to read the plaintext password, SSID, and other sensitive information from the remote ARRIS Touchstone cable modems using an SNMP request. TRUSTED...
CVE-2014-4863
The Arris Touchstone DG950A cable modem with software 7.10.131 has an SNMP community of public, which allows remote attackers to obtain sensitive password, key, and SSID information via an SNMP request...
Design/Logic Flaw
The Arris Touchstone DG950A cable modem with software 7.10.131 has an SNMP community of public, which allows remote attackers to obtain sensitive password, key, and SSID information via an SNMP request...
CVE-2014-4863
The Arris Touchstone DG950A cable modem with software 7.10.131 has an SNMP community of public, which allows remote attackers to obtain sensitive password, key, and SSID information via an SNMP request...