Beschreibung
Multiple serious vulnerabilities have been found in ARRIS cable modems. Malicious users can exploit these vulnerabilities to gain privileges or inject arbitrary code.
Below is a complete list of vulnerabilities:
- Predictable technician password can be exploited remotely to gain technician privileges;
- Unknown vulnerability at web management interface can be exploited remotely to gain arbitrary user privileges;
- Unknown vulnerability at web management initerface can be exploited remotely via a specially designed pwd parameter to inject arbitrary script or HTML;
- Hardcoded administrator password can be exploited remotely from vectors related to web management interface, SSH, TELNET, SNMP to gain administrator privileges.
Technical details
Vulnerabilities (2, 3) related to adv_pwd_cgi.
Vulnerability (4) caused by hardcoded administrators password derived from serial number.
Ursprüngliche Informationshinweise
CVE Liste
- CVE-2015-7291 critical
- CVE-2015-7290 critical
- CVE-2009-5149 critical
- CVE-2015-7289 critical
Mehr erfahren
Informieren Sie sich über die Statistiken der in Ihrer Region verbreiteten Sicherheitslücken statistics.securelist.com
Sie haben einen Fehler in der Beschreibung der Schwachstelle gefunden? Mitteilen!