16 matches found
EUVD-2014-5325
Malware in sbrugna...
EUVD-2014-9227
Malware in sbrugna...
CVE-2014-9406
ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier has a default password of password for the admin account, which makes it easier for remote attackers to obtain access via a request to homeloggedout.php...
CVE-2018-10990
On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a logout action does not immediately destroy all state on the device related to the validity of the "credential" cookie, which might make it easier for attackers to obtain access at a later time e.g., "at least for a few minutes"...
Default credentials
Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices are distributed by some ISPs with a default password of "password" for the admin account that is used over an unencrypted http://192.168.0.1 connection, which might allow remote attackers to bypass intended access restrictions by...
Design/Logic Flaw
On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a logout action does not immediately destroy all state on the device related to the validity of the "credential" cookie, which might make it easier for attackers to obtain access at a later time e.g., "at least for a few minutes"...
CVE-2018-10990
The CVE-2018-10990 entry affects Arris Touchstone Telephony Gateway TG1682G (version 9.1.103J6). The vulnerability arises because a logout action does not immediately destroy all state related to the validity of the credential cookie, potentially allowing an attacker to retain access for some min...
CVE-2018-10989
Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices are distributed by some ISPs with a default password of "password" for the admin account that is used over an unencrypted http://192.168.0.1 connection, which might allow remote attackers to bypass intended access restrictions by...
CVE-2014-5438
Cross-site scripting XSS vulnerability in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allows remote authenticated users to inject arbitrary web script or HTML via the computername parameter to connecteddevicescomputersedit.php...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allow remote attackers to hijack the authentication of administrators for requests that 1 enable remote management via a request to remotemanagement.php, 2...
Cross site scripting
Cross-site scripting XSS vulnerability in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allows remote authenticated users to inject arbitrary web script or HTML via the computername parameter to connecteddevicescomputersedit.php...
CVE-2014-5438
CVE-2014-5438 affects ARRIS Touchstone TG862G/CT Telephony Gateway (firmware 7.6.59S.CT and earlier). The vulnerability is a cross-site scripting (XSS) flaw in connected_devices_computers_edit.php, exploitable via the computer_name parameter. Post-authentication remote vectors are demonstrated wi...
CVE-2014-5438
Cross-site scripting XSS vulnerability in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allows remote authenticated users to inject arbitrary web script or HTML via the computername parameter to connecteddevicescomputersedit.php...
CVE-2014-5437
Multiple cross-site request forgery CSRF vulnerabilities in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allow remote attackers to hijack the authentication of administrators for requests that 1 enable remote management via a request to remotemanagement.php, 2...
VocalTec VGW120/ VGW480 Telephony Gateway Remote H.225 Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10411/info It has been reported that the VocalTec VGW120 and VGW480 Telephony Gateways are prone to a remote denial of service vulnerability. The issue is reported to exist in the ASN.1/H.323/H.225 stack. A remote attacke...
VocalTec VGW4/8 Telephony Gateway Remote Authentication Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9876/info It has been reported that the VGW4/8 Telephony Gateway is prone to a remote authentication bypass vulnerability via its web configuration tool. The problem is due to a design error in the application that allows...