CVE-2023-40038 - OpenCVE

Arris DG860A and DG1670A devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. (They use the first 6 characters of the SSID and the last 6 characters of the BSSID, decrementing the last digit.)

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Arris	Dg1670a Firmware Dg860a Dg1670a Dg860a Firmware

Configuration 1 [-]

AND

cpe:2.3:o:arris:dg860a_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arris:dg860a:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:arris:dg1670a_firmware:ts0901203b6_020420_16xx.gw_pc20_tw:*:*:*:*:*:*:*

cpe:2.3:h:arris:dg1670a:-:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/actuator/cve/blob/main/Arris/CVE-2023-40038	Third Party Advisory
https://i.ebayimg.com/images/g/ByAAAOSwQCFi2b50/s-l1600.jpg	Product

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-12-27T00:00:00

Updated: 2023-12-27T20:10:35.822453

Reserved: 2023-08-08T00:00:00

Link: CVE-2023-40038

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-12-27T20:15:19.230

Modified: 2024-01-04T16:18:01.263

Link: CVE-2023-40038

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arris:dg860a_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B0F8212-DAB2-4A13-9268-2201EF2AB1F3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arris:dg860a:-:*:*:*:*:*:*:*", "matchCriteriaId": "244A5CC6-DA00-4E1D-AECD-4E446E6FE9E8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arris:dg1670a_firmware:ts0901203b6_020420_16xx.gw_pc20_tw:*:*:*:*:*:*:*", "matchCriteriaId": "CEC53589-0DA8-4342-B2FE-520B8D1CDF3A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arris:dg1670a:-:*:*:*:*:*:*:*", "matchCriteriaId": "FD31D71D-6794-4497-ADB6-389BF0771147", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Arris DG860A and DG1670A devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. (They use the first 6 characters of the SSID and the last 6 characters of the BSSID, decrementing the last digit.)"}, {"lang": "es", "value": "Los dispositivos Arris DG860A y DG1670A tienen PSK WPA2 predeterminados predecibles que podr\u00edan provocar un acceso remoto no autorizado. (Usan los primeros 6 caracteres del SSID y los \u00faltimos 6 caracteres del BSSID, disminuyendo el \u00faltimo d\u00edgito)."}], "id": "CVE-2023-40038", "lastModified": "2024-01-04T16:18:01.263", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-27T20:15:19.230", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/actuator/cve/blob/main/Arris/CVE-2023-40038"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://i.ebayimg.com/images/g/ByAAAOSwQCFi2b50/s-l1600.jpg"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}