CVE-2023-40039

An issue was discovered on ARRIS TG852G, TG862G, and TG1672G devices. A remote attacker in proximity to a Wi-Fi network can derive the default WPA2-PSK value by observing a beacon frame...

CVE-2023-40039

The CVE-2023-40039 issue affects ARRIS TG852G, TG862G, and TG1672G devices. A remote attacker within Wi‑Fi proximity can derive the default WPA2‑PSK by observing beacon frames, enabling potential unauthorized access to the network (impact described as total). Public details consistently identify ...

ARRIS TG852G Security Vulnerability

The ARRIS TG852G is a router from ARRIS. A security vulnerability exists in the ARRIS TG852G, TG862G, and TG1672G, which stems from a vulnerability that allows an attacker to obtain the default WPA2-PSK value by observing beacon frames...

PT-2023-27230 · Arris · Arris Tg862G +2

Name of the Vulnerable Software and Affected Versions: ARRIS TG852G affected versions not specified ARRIS TG862G affected versions not specified ARRIS TG1672G affected versions not specified Description: A remote attacker in proximity to a Wi-Fi network can derive the default WPA2-PSK value by...

Trust Management Vulnerability in Multiple Arris Devices (CNVD-2015-07832)

The Arris DG860A, TG862A and TG862G are modem products from the Arris Group of Companies. A security vulnerability exists in a number of Arris devices that stems from the program's use of predictable technician passwords. The vulnerability can be exploited by a remote attacker to gain access via...

Trust Management Vulnerability in Multiple Arris Devices

The Arris DG860A, TG862A and TG862G are modem products from the Arris Group of Companies. A security vulnerability exists in a number of Arris devices that stems from a program using hard-coded passwords based on serial numbers. The vulnerability can be exploited by a remote attacker to gain acce...

Design/Logic Flaw

Arris DG860A, TG862A, and TG862G devices with firmware TS0703128100611 through TS0705125D031115 have predictable technician passwords, which makes it easier for remote attackers to obtain access via the web management interface, related to a "password of the day" issue...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in advpwdcgi in the web management interface on Arris DG860A, TG862A, and TG862G devices with firmware TS0703128100611 through TS0705125D031115 allows remote attackers to hijack the authentication of arbitrary users...

CVE-2015-7291

Cross-site request forgery CSRF vulnerability in advpwdcgi in the web management interface on Arris DG860A, TG862A, and TG862G devices with firmware TS0703128100611 through TS0705125D031115 allows remote attackers to hijack the authentication of arbitrary users...

CVE-2009-5149

CVE-2009-5149 affects ARRIS DG860A, TG862A and TG862G cable modems with firmware TS0703128_100611 through TS0705125D_031115. The issue is a predictable technician password (“password of the day”) that can be exploited remotely to gain access via the web management interface. CERT/CC details furth...

CVE-2015-7289

The CVE-2015-7289 entry applies to ARRIS DG860A, TG862A, and TG862G cable modems with firmware TS0703128_100611 through TS0705125D_031115. The root cause is a hardcoded administrator password derived from the device serial number, enabling remote attackers to gain administrative access via the we...

ARRIS cable modems generate passwords deterministically and contain XSS and CSRF vulnerabilities

Overview Multiple models of ARRIS cable modems contain multiple, deterministically generated backdoor passwords, as well as multiple cross-site scripting XSS and cross-site request forgery CSRF vulnerabilities. Description CWE-255: Credentials Management - CVE-2009-5149The 'password of the day'...

CVE-2014-9406

ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier has a default password of password for the admin account, which makes it easier for remote attackers to obtain access via a request to homeloggedout.php...

Default credentials

ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier has a default password of password for the admin account, which makes it easier for remote attackers to obtain access via a request to homeloggedout.php...

CVE-2014-9406

CVE-2014-9406 affects the ARRIS Touchstone TG862G/CT Telephony Gateway (firmware 7.6.59S.CT and earlier). The underlying issue is a default admin password of 'password' , which allows remote attackers to gain access via a request to home_loggedout.php. The entry documents a network-accessible, hi...

CVE-2014-9406

ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier has a default password of password for the admin account, which makes it easier for remote attackers to obtain access via a request to homeloggedout.php...

CVE-2014-5438

Cross-site scripting XSS vulnerability in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allows remote authenticated users to inject arbitrary web script or HTML via the computername parameter to connecteddevicescomputersedit.php...

CVE-2014-5437

Multiple cross-site request forgery CSRF vulnerabilities in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allow remote attackers to hijack the authentication of administrators for requests that 1 enable remote management via a request to remotemanagement.php, 2...

CVE-2014-5438

CVE-2014-5438 affects ARRIS Touchstone TG862G/CT Telephony Gateway (firmware 7.6.59S.CT and earlier). The vulnerability is a cross-site scripting (XSS) flaw in connected_devices_computers_edit.php, exploitable via the computer_name parameter. Post-authentication remote vectors are demonstrated wi...

CVE-2014-5437

CVE-2014-5437 affects Arris Touchstone TG862G/CT Telephony Gateway (firmware 7.6.59S.CT and earlier). Reported CSRF vulnerabilities allow remote attackers to hijack administrator authentication to perform admin actions via requests to remote_management.php (enable remote management), port_forward...