ID CVE-2009-5149
Summary Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 have predictable technician passwords, which makes it easier for remote attackers to obtain access via the web management interface, related to a "password of the day" issue.
References
Vulnerable Configurations
  • cpe:2.3:o:arris:na_model_862_gw_mono_firmware:ts070593c_073013:*:*:*:*:*:*:*
    cpe:2.3:o:arris:na_model_862_gw_mono_firmware:ts070593c_073013:*:*:*:*:*:*:*
  • cpe:2.3:o:arris:na_model_862_gw_mono_firmware:ts0703128_100611:*:*:*:*:*:*:*
    cpe:2.3:o:arris:na_model_862_gw_mono_firmware:ts0703128_100611:*:*:*:*:*:*:*
  • cpe:2.3:o:arris:na_model_862_gw_mono_firmware:ts0703135_112211:*:*:*:*:*:*:*
    cpe:2.3:o:arris:na_model_862_gw_mono_firmware:ts0703135_112211:*:*:*:*:*:*:*
  • cpe:2.3:o:arris:na_model_862_gw_mono_firmware:ts0705125_062314:*:*:*:*:*:*:*
    cpe:2.3:o:arris:na_model_862_gw_mono_firmware:ts0705125_062314:*:*:*:*:*:*:*
  • cpe:2.3:o:arris:na_model_862_gw_mono_firmware:ts0705125d_031115:*:*:*:*:*:*:*
    cpe:2.3:o:arris:na_model_862_gw_mono_firmware:ts0705125d_031115:*:*:*:*:*:*:*
  • cpe:2.3:h:arris:dg860a:*:*:*:*:*:*:*:*
    cpe:2.3:h:arris:dg860a:*:*:*:*:*:*:*:*
  • cpe:2.3:h:arris:tg862a:*:*:*:*:*:*:*:*
    cpe:2.3:h:arris:tg862a:*:*:*:*:*:*:*:*
  • cpe:2.3:h:arris:tg862g:*:*:*:*:*:*:*:*
    cpe:2.3:h:arris:tg862g:*:*:*:*:*:*:*:*
CVSS
Base: 4.3 (as of 23-11-2015 - 16:52)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:N/A:N
refmap via4
cert-vn VU#419568
misc
Last major update 23-11-2015 - 16:52
Published 21-11-2015 - 11:59
Last modified 23-11-2015 - 16:52
Back to Top