var-201409-0174
Vulnerability from variot
The Arris Touchstone DG950A cable modem with software 7.10.131 has an SNMP community of public, which allows remote attackers to obtain sensitive password, key, and SSID information via an SNMP request. The Touchstone DG950A provided by Arris contains an information disclosure vulnerability. SNMP is enabled by default on the Touchstone DG950A. Because the DG950A uses a well-known SNMP community name, information such as the username, password and WiFi keys can be leaked (CWE-200). Other versions may also be affected by this vulnerability. CWE-200: Information Exposure http://cwe.mitre.org/data/definitions/200.html A remote third party may be able to obtain sensitive information set on the device, such as the user name, password and WiFi keys. The ARRIS Touchstone Data Gateway DG860P2 is a combination of a 4-port Gigabit router. This information may aid in further attacks.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201409-0174", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "touchstone dg950a software", "scope": "eq", "trust": 1.6, "vendor": "arris", "version": "7.10.131" }, { "model": "touchstone dg950a", "scope": "eq", "trust": 1.0, "vendor": "arris", "version": null }, { "model": null, "scope": null, "trust": 0.8, "vendor": 
"arris", "version": null }, { "model": "touchstone dg950a", "scope": null, "trust": 0.8, "vendor": "arris group", "version": null }, { "model": "touchstone dg950a software", "scope": "eq", "trust": 0.8, "vendor": "arris group", "version": "version 7.10.131" }, { "model": "touchstone data gateway dg860p2", "scope": "eq", "trust": 0.6, "vendor": "arris", "version": "3" }, { "model": "group touchstone dg950a", "scope": "eq", "trust": 0.3, "vendor": "arris", "version": "7.10.131" } ], "sources": [ { "db": "CERT/CC", "id": "VU#855836" }, { "db": "CNVD", "id": "CNVD-2014-05344" }, { "db": "BID", "id": "69631" }, { "db": "JVNDB", "id": "JVNDB-2014-004045" }, { "db": "CNNVD", "id": "CNNVD-201409-056" }, { "db": "NVD", "id": "CVE-2014-4863" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/h:arris:touchstone_dg950a", "vulnerable": true }, { "cpe22Uri": "cpe:/a:arris:touchstone_dg950a_software", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-004045" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Deral Heiland and Matthew Kienow.", "sources": [ { "db": "BID", "id": "69631" } ], "trust": 0.3 }, "cve": "CVE-2014-4863", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2014-4863", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 1.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "NONE", "availabilityRequirement": "NOT DEFINED", "baseScore": 5.0, "collateralDamagePotential": "NOT DEFINED", "confidentialityImpact": "PARTIAL", "confidentialityRequirement": "NOT DEFINED", "enviromentalScore": 3.4, "exploitability": "FUNCTIONAL", "exploitabilityScore": 10.0, "id": "CVE-2014-4863", "impactScore": 2.9, "integrityImpact": "NONE", "integrityRequirement": "NOT DEFINED", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "remediationLevel": "UNAVAILABLE", "reportConfidence": "UNCORROBORATED", "severity": "MEDIUM", "targetDistribution": "MEDIUM", "trust": 0.8, "userInteractionRequired": null, "vector_string": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "IPA", "availabilityImpact": "None", "baseScore": 5.0, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2014-004045", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, 
"userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CNVD-2014-05344", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2014-4863", "trust": 1.0, "value": "MEDIUM" }, { "author": "NVD", "id": "CVE-2014-4863", "trust": 0.8, "value": "MEDIUM" }, { "author": "IPA", "id": "JVNDB-2014-004045", "trust": 0.8, "value": "Medium" }, { "author": "CNVD", "id": "CNVD-2014-05344", "trust": 0.6, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201409-056", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#855836" }, { "db": "CNVD", "id": "CNVD-2014-05344" }, { "db": "JVNDB", "id": "JVNDB-2014-004045" }, { "db": "CNNVD", "id": "CNNVD-201409-056" }, { "db": "NVD", "id": "CVE-2014-4863" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The Arris Touchstone DG950A cable modem with software 7.10.131 has an SNMP community of public, which allows remote attackers to obtain sensitive password, key, and SSID information via an SNMP request. Arris Provided by Touchstone DG950A Contains an information disclosure vulnerability. Arris Provided by Touchstone DG950A Is the default setting SNMP Is enabled. DG950A Is known SNMP Uses community name, username, password and WiFi There is a vulnerability that leaks information such as keys (CWE-200) . Other versions may also be affected by this vulnerability. 
CWE-200: Information Exposure http://cwe.mitre.org/data/definitions/200.htmlUser name, password and password set on the device by a remote third party WiFi You may be able to obtain sensitive information such as keys. The ARRIS Touchstone Data Gateway DG860P2 is a combination of a 4-port Gigabit router. This may aid in further attacks", "sources": [ { "db": "NVD", "id": "CVE-2014-4863" }, { "db": "CERT/CC", "id": "VU#855836" }, { "db": "JVNDB", "id": "JVNDB-2014-004045" }, { "db": "CNVD", "id": "CNVD-2014-05344" }, { "db": "BID", "id": "69631" } ], "trust": 3.15 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.kb.cert.org/vuls/id/855836", "trust": 0.8, "type": "unknown" } ], "sources": [ { "db": "CERT/CC", "id": "VU#855836" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2014-4863", "trust": 4.1 }, { "db": "CERT/CC", "id": "VU#855836", "trust": 3.2 }, { "db": "JVN", "id": "JVNVU95304841", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2014-004045", "trust": 0.8 }, { "db": "OSVDB", "id": "110555", "trust": 0.6 }, { "db": "CNVD", "id": "CNVD-2014-05344", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-201409-056", "trust": 0.6 }, { "db": "CERT/CC", "id": "VU#259548", "trust": 0.3 }, { "db": "BID", "id": "69631", "trust": 0.3 } ], "sources": [ { "db": "CERT/CC", "id": "VU#855836" }, { "db": "CNVD", "id": "CNVD-2014-05344" }, { "db": "BID", "id": "69631" }, { "db": "JVNDB", "id": "JVNDB-2014-004045" }, { "db": "CNNVD", "id": "CNNVD-201409-056" }, { "db": "NVD", "id": "CVE-2014-4863" } ] }, "id": "VAR-201409-0174", 
"iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2014-05344" } ], "trust": 1.6 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2014-05344" } ] }, "last_update_date": "2024-11-23T22:35:06.308000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Touchstone Data Gateway", "trust": 0.8, "url": "http://www.arrisi.com/products/product.asp?id=53" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-004045" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-200", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2014-004045" }, { "db": "NVD", "id": "CVE-2014-4863" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.5, "url": "https://community.rapid7.com/community/metasploit/blog/2014/08/21/more-snmp-information-leaks-cve-2014-4862-and-cve-2014-4863" }, { "trust": 2.4, "url": "http://www.kb.cert.org/vuls/id/855836" }, { "trust": 0.8, "url": 
"http://moto.arrisi.com/support/documentation/user_guides/_docs/dg950_user_guide_std1-4.pdf" }, { "trust": 0.8, "url": "http://cwe.mitre.org/data/definitions/200.html" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4863" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu95304841/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4863" }, { "trust": 0.8, "url": "http://www.arrisi.com/support/documentation/user_guides/_docs/dg950_user_guide_std1-4.pdf" }, { "trust": 0.6, "url": "http://www.osvdb.com/show/osvdb/110555" }, { "trust": 0.3, "url": "http://www.arrisi.com/products/product.asp?id=50" }, { "trust": 0.3, "url": "http://www.kb.cert.org/vuls/id/259548" } ], "sources": [ { "db": "CERT/CC", "id": "VU#855836" }, { "db": "CNVD", "id": "CNVD-2014-05344" }, { "db": "BID", "id": "69631" }, { "db": "JVNDB", "id": "JVNDB-2014-004045" }, { "db": "CNNVD", "id": "CNNVD-201409-056" }, { "db": "NVD", "id": "CVE-2014-4863" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#855836" }, { "db": "CNVD", "id": "CNVD-2014-05344" }, { "db": "BID", "id": "69631" }, { "db": "JVNDB", "id": "JVNDB-2014-004045" }, { "db": "CNNVD", "id": "CNNVD-201409-056" }, { "db": "NVD", "id": "CVE-2014-4863" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-09-04T00:00:00", "db": "CERT/CC", "id": "VU#855836" }, { "date": "2014-09-01T00:00:00", "db": "CNVD", "id": "CNVD-2014-05344" }, { "date": "2014-08-21T00:00:00", "db": "BID", "id": "69631" }, { "date": "2014-09-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-004045" }, { "date": "2014-09-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201409-056" }, { "date": "2014-09-05T17:55:06.953000", "db": "NVD", "id": "CVE-2014-4863" } ] }, 
"sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-09-04T00:00:00", "db": "CERT/CC", "id": "VU#855836" }, { "date": "2014-09-01T00:00:00", "db": "CNVD", "id": "CNVD-2014-05344" }, { "date": "2014-08-21T00:00:00", "db": "BID", "id": "69631" }, { "date": "2014-09-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2014-004045" }, { "date": "2014-09-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201409-056" }, { "date": "2024-11-21T02:11:00.637000", "db": "NVD", "id": "CVE-2014-4863" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201409-056" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Arris Touchstone cable modem information leakage vulnerability", "sources": [ { "db": "CERT/CC", "id": "VU#855836" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "information disclosure", "sources": [ { "db": "CNNVD", "id": "CNNVD-201409-056" } ], "trust": 0.6 } }