Vulnerabilities (CVE)

Filtered by vendor Commscope Subscribe
Total 45 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-23618 1 Commscope 2 Arris Surfboard Sbg6950ac2, Arris Surfboard Sbg6950ac2 Firmware 2024-01-31 8.3 HIGH 9.8 CRITICAL
An arbitrary code execution vulnerability exists in Arris SURFboard SGB6950AC2 devices. An unauthenticated attacker can exploit this vulnerability to achieve code execution as root.
CVE-2023-45992 1 Commscope 1 Ruckus Cloudpath Enrollment System 2024-01-12 N/A 9.6 CRITICAL
A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before to could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certain admin activity, could allow the attacker to gain full admin privileges on the exploited system.
CVE-2023-27571 1 Commscope 2 Dg3450, Dg3450 Firmware 2023-12-10 N/A 5.3 MEDIUM
An issue was discovered in DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10. The troubleshooting_logs_download.php log file download functionality does not check the session cookie. Thus, an attacker can download all log files.
CVE-2023-27572 1 Commscope 2 Dg3450, Dg3450 Firmware 2023-12-10 N/A 6.1 MEDIUM
An issue was discovered in CommScope Arris DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10. A reflected XSS vulnerability was discovered in the https_redirect.php web page via the page parameter.
CVE-2022-45701 1 Commscope 6 Arris Sbg10, Arris Sbg10 Firmware, Arris Tg2482a and 3 more 2023-12-10 N/A 8.8 HIGH
Arris TG2482A firmware through 9.1.103GEM9 allow Remote Code Execution (RCE) via the ping utility feature.
CVE-2022-27002 1 Commscope 2 Arris Tr3300, Arris Tr3300 Firmware 2023-12-10 10.0 HIGH 9.8 CRITICAL
Arris TR3300 v1.0.13 were discovered to contain a command injection vulnerability in the ddns function via the ddns_name, ddns_pwd, h_ddns?ddns_host parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-27000 1 Commscope 2 Arris Tr3300, Arris Tr3300 Firmware 2023-12-10 10.0 HIGH 9.8 CRITICAL
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the time and time zone function via the h_primary_ntp_server, h_backup_ntp_server, and h_time_zone parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-26995 1 Commscope 2 Arris Tr3300, Arris Tr3300 Firmware 2023-12-10 10.0 HIGH 9.8 CRITICAL
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pptp (wan_pptp.html) function via the pptp_fix_ip, pptp_fix_mask, pptp_fix_gw, and wan_dns1_stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-26996 1 Commscope 2 Arris Tr3300, Arris Tr3300 Firmware 2023-12-10 10.0 HIGH 9.8 CRITICAL
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pppoe function via the pppoe_username, pppoe_passwd, and pppoe_servicename parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2021-41552 1 Commscope 10 Arris Surfboard Sbg10, Arris Surfboard Sbg10 Firmware, Arris Surfboard Sbg6950ac2 and 7 more 2023-12-10 5.8 MEDIUM 8.8 HIGH
CommScope SURFboard SBG6950AC2 9.1.103AA23 devices allow Command Injection.
CVE-2022-26998 1 Commscope 2 Arris Tr3300, Arris Tr3300 Firmware 2023-12-10 10.0 HIGH 9.8 CRITICAL
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the wps setting function via the wps_enrolee_pin parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-27001 1 Commscope 2 Arris Tr3300, Arris Tr3300 Firmware 2023-12-10 10.0 HIGH 9.8 CRITICAL
Arris TR3300 v1.0.13 were discovered to contain a command injection vulnerability in the dhcp function via the hostname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-26999 1 Commscope 2 Arris Tr3300, Arris Tr3300 Firmware 2023-12-10 10.0 HIGH 9.8 CRITICAL
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the static ip settings function via the wan_ip_stat, wan_mask_stat, wan_gw_stat, and wan_dns1_stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2022-26997 1 Commscope 2 Arris Tr3300, Arris Tr3300 Firmware 2023-12-10 10.0 HIGH 9.8 CRITICAL
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the upnp function via the upnp_ttl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVE-2021-20120 1 Commscope 2 Arris Surfboard Sb8200, Arris Surfboard Sb8200 Firmware 2023-12-10 6.8 MEDIUM 8.8 HIGH
The administration web interface for the Arris Surfboard SB8200 lacks any protections against cross-site request forgery attacks. This means that an attacker could make configuration changes (such as changing the administrative password) without the consent of the user.
CVE-2021-20119 1 Commscope 2 Arris Surfboard Sb8200, Arris Surfboard Sb8200 Firmware 2023-12-10 4.9 MEDIUM 7.1 HIGH
The password change utility for the Arris SurfBoard SB8200 can have safety measures bypassed that allow any logged-in user to change the administrator password.
CVE-2021-33219 1 Commscope 1 Ruckus Iot Controller 2023-12-10 7.5 HIGH 9.8 CRITICAL
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded Web Application Administrator Passwords for the admin and nplus1user accounts.
CVE-2021-33221 1 Commscope 1 Ruckus Iot Controller 2023-12-10 7.5 HIGH 9.8 CRITICAL
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Unauthenticated API Endpoints.
CVE-2021-33220 1 Commscope 1 Ruckus Iot Controller 2023-12-10 4.6 MEDIUM 7.8 HIGH
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Hard-coded API Keys exist.
CVE-2021-33216 1 Commscope 1 Ruckus Iot Controller 2023-12-10 7.5 HIGH 9.8 CRITICAL
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. An Undocumented Backdoor exists, allowing shell access via a developer account.