Filtered by vendor Commscope
Subscriptions
Total
48 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-20386 | 1 Commscope | 2 Arris Sbg6580-2, Arris Sbg6580-2 Firmware | 2022-10-03 | 9.8 Critical |
| ARRIS SBG6580-2 D30GW-SEAEAGLE-1.5.2.5-GA-00-NOSH devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | ||||
| CVE-2021-41552 | 1 Commscope | 10 Arris Surfboard Sbg10, Arris Surfboard Sbg10 Firmware, Arris Surfboard Sbg6950ac2 and 7 more | 2022-02-23 | 8.8 High |
| CommScope SURFboard SBG6950AC2 9.1.103AA23 devices allow Command Injection. | ||||
| CVE-2021-20119 | 1 Commscope | 2 Arris Surfboard Sb8200, Arris Surfboard Sb8200 Firmware | 2021-11-15 | 7.1 High |
| The password change utility for the Arris SurfBoard SB8200 can have safety measures bypassed that allow any logged-in user to change the administrator password. | ||||
| CVE-2021-20120 | 1 Commscope | 2 Arris Surfboard Sb8200, Arris Surfboard Sb8200 Firmware | 2021-10-27 | 8.8 High |
| The administration web interface for the Arris Surfboard SB8200 lacks any protections against cross-site request forgery attacks. This means that an attacker could make configuration changes (such as changing the administrative password) without the consent of the user. | ||||
| CVE-2017-16836 | 1 Commscope | 2 Arris Tg1682g, Arris Tg1682g Firmware | 2021-09-13 | 6.1 Medium |
| Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse 10.0.59.SIP.PC20.CT software allow Unauthenticated Stored XSS via the actionHandler/ajax_managed_services.php service parameter. | ||||
| CVE-2017-9521 | 2 Cisco, Commscope | 8 Dpc3939, Dpc3939 Firmware, Dpc3939b and 5 more | 2021-09-13 | 9.8 Critical |
| The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware version DPC3941_2.5s3_PROD_sey); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices allows remote attackers to execute arbitrary code via a specific (but unstated) exposed service. NOTE: the scope of this CVE does NOT include the concept of "Unnecessary Services" in general; the scope is only a single service that is unnecessarily exposed, leading to remote code execution. The details of that service might be disclosed at a later date. | ||||
| CVE-2017-9492 | 2 Cisco, Commscope | 8 Dpc3939, Dpc3939 Firmware, Dpc3939b and 5 more | 2021-09-13 | 7.5 High |
| The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware version DPC3941_2.5s3_PROD_sey); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices does not include the HTTPOnly flag in a Set-Cookie header for administration applications, which makes it easier for remote attackers to obtain potentially sensitive information via script access to cookies. | ||||
| CVE-2017-9491 | 2 Cisco, Commscope | 8 Dpc3939, Dpc3939 Firmware, Dpc3939b and 5 more | 2021-09-13 | 5.3 Medium |
| The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware version DPC3941_2.5s3_PROD_sey); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices does not set the secure flag for cookies in an https session to an administration application, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session. | ||||
| CVE-2017-9489 | 2 Cisco, Commscope | 4 Dpc3939b, Dpc3939b Firmware, Arris Tg1682g and 1 more | 2021-09-13 | 8.8 High |
| The Comcast firmware on Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST) devices allows configuration changes via CSRF. | ||||
| CVE-2017-9476 | 2 Cisco, Commscope | 4 Dpc3939, Dpc3939 Firmware, Arris Tg1682g and 1 more | 2021-09-13 | 6.5 Medium |
| The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices makes it easy for remote attackers to determine the hidden SSID and passphrase for a Home Security Wi-Fi network. | ||||
| CVE-2017-14115 | 2 Att, Commscope | 3 U-verse Firmware, Arris Nvg589, Arris Nvg599 | 2021-08-23 | N/A |
| The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configures ssh-permanent-enable WAN SSH logins to the remotessh account with the 5SaP9I26 password, which allows remote attackers to access a "Terminal shell v1.0" service, and subsequently obtain unrestricted root privileges, by establishing an SSH session and then entering certain shell metacharacters and BusyBox commands. | ||||
| CVE-2017-10793 | 2 Att, Commscope | 3 U-verse Firmware, Arris Nvg589, Arris Nvg599 | 2021-08-23 | N/A |
| The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589, NVG599, and unspecified other devices, when IP Passthrough mode is not used, configures an sbdc.ha WAN TCP service on port 61001 with the bdctest account and the bdctest password, which allows remote attackers to obtain sensitive information (such as the Wi-Fi password) by leveraging knowledge of a hardware identifier, related to the Bulk Data Collection (BDC) mechanism defined in Broadband Forum technical reports. | ||||
| CVE-2014-3778 | 1 Commscope | 1 Arris Sbg901 | 2021-08-23 | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in goform/RgDdns in ARRIS (formerly Motorola) SBG901 SURFboard Wireless Cable Modem allow remote attackers to hijack the authentication of administrators for requests that (1) change the dns service via the DdnsService parameter, (2) change the username via the DdnsUserName parameter, (3) change the password via the DdnsPassword parameter, or (4) change the host name via the DdnsHostName parameter. | ||||
| CVE-2020-8830 | 1 Commscope | 2 Ruckus Zoneflex R500, Ruckus Zoneflex R500 Firmware | 2021-07-21 | 8.8 High |
| CSRF in login.asp on Ruckus devices allows an attacker to access the panel, and use SSRF to perform scraping or other analysis via the SUBCA-1 field on the Wireless Admin screen. | ||||
| CVE-2020-26878 | 1 Commscope | 2 Ruckus Iot Module, Ruckus Vriot | 2021-07-21 | 8.8 High |
| Ruckus through 1.5.1.0.21 is affected by remote command injection. An authenticated user can submit a query to the API (/service/v1/createUser endpoint), injecting arbitrary commands that will be executed as root user via web.py. | ||||
| CVE-2021-33217 | 1 Commscope | 1 Ruckus Iot Controller | 2021-07-09 | 8.8 High |
| An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The Web Application allows Arbitrary Read/Write actions by authenticated users. The API allows an HTTP POST of arbitrary content into any file on the filesystem as root. | ||||
| CVE-2021-33219 | 1 Commscope | 1 Ruckus Iot Controller | 2021-07-09 | 9.8 Critical |
| An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded Web Application Administrator Passwords for the admin and nplus1user accounts. | ||||
| CVE-2021-33218 | 1 Commscope | 1 Ruckus Iot Controller | 2021-07-09 | 9.8 Critical |
| An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access. | ||||
| CVE-2021-33216 | 1 Commscope | 1 Ruckus Iot Controller | 2021-07-09 | 9.8 Critical |
| An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. An Undocumented Backdoor exists, allowing shell access via a developer account. | ||||
| CVE-2021-33215 | 1 Commscope | 1 Ruckus Iot Controller | 2021-07-09 | 4.3 Medium |
| An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The API allows Directory Traversal. | ||||