Vulnerabilities (CVE)

Filtered by vendor Commscope Subscribe
Total 40 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-27002 1 Commscope 2 Arris Tr3300, Arris Tr3300 Firmware 2023-01-25 10.0 HIGH 9.8 CRITICAL
Arris TR3300 v1.0.13 were discovered to contain a command injection vulnerability in the ddns function via the ddns_name, ddns_pwd, h_ddns?ddns_host parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-27001 1 Commscope 2 Arris Tr3300, Arris Tr3300 Firmware 2022-03-25 10.0 HIGH 9.8 CRITICAL
Arris TR3300 v1.0.13 were discovered to contain a command injection vulnerability in the dhcp function via the hostname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-27000 1 Commscope 2 Arris Tr3300, Arris Tr3300 Firmware 2022-03-25 10.0 HIGH 9.8 CRITICAL
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the time and time zone function via the h_primary_ntp_server, h_backup_ntp_server, and h_time_zone parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-26999 1 Commscope 2 Arris Tr3300, Arris Tr3300 Firmware 2022-03-25 10.0 HIGH 9.8 CRITICAL
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the static ip settings function via the wan_ip_stat, wan_mask_stat, wan_gw_stat, and wan_dns1_stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-26998 1 Commscope 2 Arris Tr3300, Arris Tr3300 Firmware 2022-03-25 10.0 HIGH 9.8 CRITICAL
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the wps setting function via the wps_enrolee_pin parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-26997 1 Commscope 2 Arris Tr3300, Arris Tr3300 Firmware 2022-03-25 10.0 HIGH 9.8 CRITICAL
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the upnp function via the upnp_ttl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-26996 1 Commscope 2 Arris Tr3300, Arris Tr3300 Firmware 2022-03-25 10.0 HIGH 9.8 CRITICAL
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pppoe function via the pppoe_username, pppoe_passwd, and pppoe_servicename parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-26995 1 Commscope 2 Arris Tr3300, Arris Tr3300 Firmware 2022-03-25 10.0 HIGH 9.8 CRITICAL
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pptp (wan_pptp.html) function via the pptp_fix_ip, pptp_fix_mask, pptp_fix_gw, and wan_dns1_stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2021-41552 1 Commscope 10 Arris Surfboard Sbg10, Arris Surfboard Sbg10 Firmware, Arris Surfboard Sbg6950ac2 and 7 more 2022-02-23 5.8 MEDIUM 8.8 HIGH
CommScope SURFboard SBG6950AC2 9.1.103AA23 devices allow Command Injection.
CVE-2021-20119 1 Commscope 2 Arris Surfboard Sb8200, Arris Surfboard Sb8200 Firmware 2021-11-15 4.9 MEDIUM 7.1 HIGH
The password change utility for the Arris SurfBoard SB8200 can have safety measures bypassed that allow any logged-in user to change the administrator password.
CVE-2021-20120 1 Commscope 2 Arris Surfboard Sb8200, Arris Surfboard Sb8200 Firmware 2021-10-27 6.8 MEDIUM 8.8 HIGH
The administration web interface for the Arris Surfboard SB8200 lacks any protections against cross-site request forgery attacks. This means that an attacker could make configuration changes (such as changing the administrative password) without the consent of the user.
CVE-2018-20386 1 Commscope 2 Arris Sbg6580-2, Arris Sbg6580-2 Firmware 2021-09-13 5.0 MEDIUM 9.8 CRITICAL
ARRIS SBG6580-2 D30GW-SEAEAGLE-1.5.2.5-GA-00-NOSH devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
CVE-2018-20383 2 Arris, Commscope 4 Dg950s Firmware, Arris Dg950a, Arris Dg950a Firmware and 1 more 2021-09-13 5.0 MEDIUM 9.8 CRITICAL
ARRIS DG950A 7.10.145 and DG950S 7.10.145.EURO devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.
CVE-2018-17555 1 Commscope 2 Arris Tg2492lg-na, Arris Tg2492lg-na Firmware 2021-09-13 5.0 MEDIUM 7.5 HIGH
The web component on ARRIS TG2492LG-NA 061213 devices allows remote attackers to obtain sensitive information via the /snmpGet oids parameter.
CVE-2018-10990 1 Commscope 2 Arris Tg1682g, Arris Tg1682g Firmware 2021-09-13 7.5 HIGH 8.0 HIGH
On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a logout action does not immediately destroy all state on the device related to the validity of the "credential" cookie, which might make it easier for attackers to obtain access at a later time (e.g., "at least for a few minutes"). NOTE: there is no documentation stating that the web UI's logout feature was supposed to do anything beyond removing the cookie from one instance of a web browser; a client-side logout action is often not intended to address cases where a person has made a copy of a cookie outside of a browser.
CVE-2018-10989 1 Commscope 2 Arris Tg1682g, Arris Tg1682g Firmware 2021-09-13 3.5 LOW 6.6 MEDIUM
Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices are distributed by some ISPs with a default password of "password" for the admin account that is used over an unencrypted http://192.168.0.1 connection, which might allow remote attackers to bypass intended access restrictions by leveraging access to the local network. NOTE: one or more user's guides distributed by ISPs state "At a minimum, you should set a login password."
CVE-2017-9492 2 Cisco, Commscope 8 Dpc3939, Dpc3939 Firmware, Dpc3939b and 5 more 2021-09-13 5.0 MEDIUM 7.5 HIGH
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware version DPC3941_2.5s3_PROD_sey); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices does not include the HTTPOnly flag in a Set-Cookie header for administration applications, which makes it easier for remote attackers to obtain potentially sensitive information via script access to cookies.
CVE-2017-16836 1 Commscope 2 Arris Tg1682g, Arris Tg1682g Firmware 2021-09-13 4.3 MEDIUM 6.1 MEDIUM
Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse 10.0.59.SIP.PC20.CT software allow Unauthenticated Stored XSS via the actionHandler/ajax_managed_services.php service parameter.
CVE-2017-9521 2 Cisco, Commscope 8 Dpc3939, Dpc3939 Firmware, Dpc3939b and 5 more 2021-09-13 7.5 HIGH 9.8 CRITICAL
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware version DPC3941_2.5s3_PROD_sey); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices allows remote attackers to execute arbitrary code via a specific (but unstated) exposed service. NOTE: the scope of this CVE does NOT include the concept of "Unnecessary Services" in general; the scope is only a single service that is unnecessarily exposed, leading to remote code execution. The details of that service might be disclosed at a later date.
CVE-2017-9491 2 Cisco, Commscope 8 Dpc3939, Dpc3939 Firmware, Dpc3939b and 5 more 2021-09-13 5.0 MEDIUM 5.3 MEDIUM
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST); Cisco DPC3941T (firmware version DPC3941_2.5s3_PROD_sey); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices does not set the secure flag for cookies in an https session to an administration application, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session.