Filtered by vendor Commscope Subscriptions
Total 48 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-23618 1 Commscope 2 Arris Surfboard Sbg6950ac2, Arris Surfboard Sbg6950ac2 Firmware 2024-01-31 9.8 Critical
An arbitrary code execution vulnerability exists in Arris SURFboard SGB6950AC2 devices. An unauthenticated attacker can exploit this vulnerability to achieve code execution as root.
CVE-2023-45992 1 Commscope 1 Ruckus Cloudpath Enrollment System 2024-01-12 9.6 Critical
A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before to could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certain admin activity, could allow the attacker to gain full admin privileges on the exploited system.
CVE-2022-27002 1 Commscope 2 Arris Tr3300, Arris Tr3300 Firmware 2023-11-07 9.8 Critical
Arris TR3300 v1.0.13 were discovered to contain a command injection vulnerability in the ddns function via the ddns_name, ddns_pwd, h_ddns、ddns_host parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2020-9476 1 Commscope 2 Arris Tg1692a, Arris Tg1692a Firmware 2023-11-07 7.5 High
ARRIS TG1692A devices allow remote attackers to discover the administrator login name and password by reading the /login page and performing base64 decoding.
CVE-2019-15806 1 Commscope 2 Tr4400, Tr4400 Firmware 2023-11-07 N/A
CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/basic_sett.html. Any user connected to the Wi-Fi can exploit this.
CVE-2019-15805 1 Commscope 2 Tr4400, Tr4400 Firmware 2023-11-07 N/A
CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/login.html. Any user connected to the Wi-Fi can exploit this.
CVE-2018-10990 1 Commscope 2 Arris Tg1682g, Arris Tg1682g Firmware 2023-11-07 8.0 High
On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a logout action does not immediately destroy all state on the device related to the validity of the "credential" cookie, which might make it easier for attackers to obtain access at a later time (e.g., "at least for a few minutes"). NOTE: there is no documentation stating that the web UI's logout feature was supposed to do anything beyond removing the cookie from one instance of a web browser; a client-side logout action is often not intended to address cases where a person has made a copy of a cookie outside of a browser.
CVE-2018-10989 1 Commscope 2 Arris Tg1682g, Arris Tg1682g Firmware 2023-11-07 6.6 Medium
Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices are distributed by some ISPs with a default password of "password" for the admin account that is used over an unencrypted http://192.168.0.1 connection, which might allow remote attackers to bypass intended access restrictions by leveraging access to the local network. NOTE: one or more user's guides distributed by ISPs state "At a minimum, you should set a login password."
CVE-2022-26996 1 Commscope 2 Arris Tr3300, Arris Tr3300 Firmware 2023-08-08 9.8 Critical
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pppoe function via the pppoe_username, pppoe_passwd, and pppoe_servicename parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-26997 1 Commscope 2 Arris Tr3300, Arris Tr3300 Firmware 2023-08-08 9.8 Critical
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the upnp function via the upnp_ttl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-27001 1 Commscope 2 Arris Tr3300, Arris Tr3300 Firmware 2023-08-08 9.8 Critical
Arris TR3300 v1.0.13 were discovered to contain a command injection vulnerability in the dhcp function via the hostname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-26998 1 Commscope 2 Arris Tr3300, Arris Tr3300 Firmware 2023-08-08 9.8 Critical
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the wps setting function via the wps_enrolee_pin parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-26999 1 Commscope 2 Arris Tr3300, Arris Tr3300 Firmware 2023-08-08 9.8 Critical
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the static ip settings function via the wan_ip_stat, wan_mask_stat, wan_gw_stat, and wan_dns1_stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-27000 1 Commscope 2 Arris Tr3300, Arris Tr3300 Firmware 2023-08-08 9.8 Critical
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the time and time zone function via the h_primary_ntp_server, h_backup_ntp_server, and h_time_zone parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-26995 1 Commscope 2 Arris Tr3300, Arris Tr3300 Firmware 2023-08-08 9.8 Critical
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pptp (wan_pptp.html) function via the pptp_fix_ip, pptp_fix_mask, pptp_fix_gw, and wan_dns1_stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2023-27571 1 Commscope 2 Dg3450, Dg3450 Firmware 2023-04-21 5.3 Medium
An issue was discovered in DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10. The troubleshooting_logs_download.php log file download functionality does not check the session cookie. Thus, an attacker can download all log files.
CVE-2023-27572 1 Commscope 2 Dg3450, Dg3450 Firmware 2023-04-21 6.1 Medium
An issue was discovered in CommScope Arris DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10. A reflected XSS vulnerability was discovered in the https_redirect.php web page via the page parameter.
CVE-2022-45701 1 Commscope 6 Arris Sbg10, Arris Sbg10 Firmware, Arris Tg2482a and 3 more 2023-02-27 8.8 High
Arris TG2482A firmware through 9.1.103GEM9 allow Remote Code Execution (RCE) via the ping utility feature.
CVE-2018-17555 1 Commscope 2 Arris Tg2492lg-na, Arris Tg2492lg-na Firmware 2022-10-03 7.5 High
The web component on ARRIS TG2492LG-NA 061213 devices allows remote attackers to obtain sensitive information via the /snmpGet oids parameter.
CVE-2018-20383 2 Arris, Commscope 4 Dg950s Firmware, Arris Dg950a, Arris Dg950a Firmware and 1 more 2022-10-03 9.8 Critical
ARRIS DG950A 7.10.145 and DG950S 7.10.145.EURO devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.