CVE-2019-15805 - OpenCVE

CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/login.html. Any user connected to the Wi-Fi can exploit this.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Commscope	Tr4400 Tr4400 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:commscope:tr4400_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:commscope:tr4400:-:*:*:*:*:*:*:*

References

Link	Resource
https://medium.com/%40v.roberthoutenbrink/commscope-vulnerability-authentication-bypass-in-arris-tr4400-firmware-version-a1-00-004-180301-4a90aa8e7570

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-08-29T17:21:59

Updated: 2019-08-29T17:21:59

Reserved: 2019-08-29T00:00:00

Link: CVE-2019-15805

JSON object: View

NVD Information

Status : Modified

Published: 2019-08-29T18:15:12.530

Modified: 2023-11-07T03:05:32.677

Link: CVE-2019-15805

JSON object: View

Redhat Information

No data.

CWE

CWE-326

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/login.html. Any user connected to the Wi-Fi can exploit this."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-08-29T17:21:59", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://medium.com/%40v.roberthoutenbrink/commscope-vulnerability-authentication-bypass-in-arris-tr4400-firmware-version-a1-00-004-180301-4a90aa8e7570"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-15805", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/login.html. Any user connected to the Wi-Fi can exploit this."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://medium.com/@v.roberthoutenbrink/commscope-vulnerability-authentication-bypass-in-arris-tr4400-firmware-version-a1-00-004-180301-4a90aa8e7570", "refsource": "MISC", "url": "https://medium.com/@v.roberthoutenbrink/commscope-vulnerability-authentication-bypass-in-arris-tr4400-firmware-version-a1-00-004-180301-4a90aa8e7570"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-15805", "datePublished": "2019-08-29T17:21:59", "dateReserved": "2019-08-29T00:00:00", "dateUpdated": "2019-08-29T17:21:59", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:commscope:tr4400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "282791F7-9CD0-4772-AE3F-5801792F8A36", "versionEndIncluding": "a1.00.004-180301", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:commscope:tr4400:-:*:*:*:*:*:*:*", "matchCriteriaId": "34054E19-C957-4B56-88C7-8E0973B33D90", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/login.html. Any user connected to the Wi-Fi can exploit this."}, {"lang": "es", "value": "Los dispositivos CommScope ARRIS TR4400 con versiones de firmware hasta A1.00.004-180301, son vulnerables a una omisi\u00f3n de autenticaci\u00f3n a la interfaz administrativa porque incluyen la contrase\u00f1a codificada en base64 actual dentro de http://192.168.1.1/login.html. Cualquier usuario conectado a la red Wi-Fi puede explotar esto."}], "id": "CVE-2019-15805", "lastModified": "2023-11-07T03:05:32.677", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-29T18:15:12.530", "references": [{"source": "cve@mitre.org", "url": "https://medium.com/%40v.roberthoutenbrink/commscope-vulnerability-authentication-bypass-in-arris-tr4400-firmware-version-a1-00-004-180301-4a90aa8e7570"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-326"}], "source": "nvd@nist.gov", "type": "Primary"}]}