CVE-2021-41552 - OpenCVE

CommScope SURFboard SBG6950AC2 9.1.103AA23 devices allow Command Injection.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:A/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Commscope	Arris Surfboard Sbg6950ac2 Arris Surfboard Sbg7400ac2 Arris Surfboard Sbg7580ac Firmware Arris Surfboard Sbg7600ac2 Arris Surfboard Sbg7580ac Arris Surfboard Sbg10 Arris Surfboard Sbg7400ac2 Firmware Arris Surfboard Sbg6950ac2 Firmware Arris Surfboard Sbg7600ac2 Firmware Arris Surfboard Sbg10 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:commscope:arris_surfboard_sbg6950ac2_firmware:9.1.103aa23:*:*:*:*:*:*:*

cpe:2.3:h:commscope:arris_surfboard_sbg6950ac2:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:commscope:arris_surfboard_sbg7400ac2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:arris_surfboard_sbg7400ac2:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:commscope:arris_surfboard_sbg7580ac_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:arris_surfboard_sbg7580ac:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:commscope:arris_surfboard_sbg7600ac2_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:arris_surfboard_sbg7600ac2:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:commscope:arris_surfboard_sbg10_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:commscope:arris_surfboard_sbg10:-:*:*:*:*:*:*:*

References

Link	Resource
https://arris.my.salesforce.com/sfc/p/#30000000kUAL/a/4Q000000Raud/cRx46eSijpwhTpoeWSgB1dQehSMwFrLV1gurcqI35QY	Third Party Advisory
https://commscope.com	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-02-15T13:32:50

Updated: 2022-02-17T13:51:07

Reserved: 2021-09-22T00:00:00

Link: CVE-2021-41552

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-02-15T14:15:07.890

Modified: 2022-02-23T16:15:38.703

Link: CVE-2021-41552

JSON object: View

Redhat Information

No data.

CWE

CWE-77

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:commscope:arris_surfboard_sbg6950ac2_firmware:9.1.103aa23:*:*:*:*:*:*:*", "matchCriteriaId": "F54A6A5F-391B-45B0-BC2C-E0C2CAC327EA", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:commscope:arris_surfboard_sbg6950ac2:-:*:*:*:*:*:*:*", "matchCriteriaId": "C886BE42-DD25-41A9-AEB9-64C123E09967", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:commscope:arris_surfboard_sbg7400ac2_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "2D1AFC69-0327-43B7-8087-987104F50D6B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:commscope:arris_surfboard_sbg7400ac2:-:*:*:*:*:*:*:*", "matchCriteriaId": "5AA07380-52E8-43F8-B832-D9B3D1E8903F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:commscope:arris_surfboard_sbg7580ac_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "F86C2150-F9B2-4CD1-B617-7E03BFF86901", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:commscope:arris_surfboard_sbg7580ac:-:*:*:*:*:*:*:*", "matchCriteriaId": "58306DA7-23F2-4177-A7E9-6E2DEB55FADE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:commscope:arris_surfboard_sbg7600ac2_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "553B5596-516F-4BC0-A13B-A3CC80FE078E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:commscope:arris_surfboard_sbg7600ac2:-:*:*:*:*:*:*:*", "matchCriteriaId": "FDDFCC30-EB10-4114-BF35-B6FFB6EDD792", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:commscope:arris_surfboard_sbg10_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "79348E1B-EA62-4B48-8C7C-C3307E2B85B2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:commscope:arris_surfboard_sbg10:-:*:*:*:*:*:*:*", "matchCriteriaId": "FF735A23-C7F6-40EE-9F9A-2591EFEF94ED", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "CommScope SURFboard SBG6950AC2 9.1.103AA23 devices allow Command Injection."}, {"lang": "es", "value": "Los dispositivos CommScope SURFboard SBG6950AC2 versi\u00f3n 9.1.103AA23, permiten una Inyecci\u00f3n de Comandos"}], "id": "CVE-2021-41552", "lastModified": "2022-02-23T16:15:38.703", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-02-15T14:15:07.890", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://arris.my.salesforce.com/sfc/p/#30000000kUAL/a/4Q000000Raud/cRx46eSijpwhTpoeWSgB1dQehSMwFrLV1gurcqI35QY"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://commscope.com"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}]}