Описание
Multiple serious vulnerabilities have been found in ARRIS cable modems. Malicious users can exploit these vulnerabilities to gain privileges or inject arbitrary code.
Below is a complete list of vulnerabilities:
- Predictable technician password can be exploited remotely to gain technician privileges;
- Unknown vulnerability at web management interface can be exploited remotely to gain arbitrary user privileges;
- Unknown vulnerability at web management initerface can be exploited remotely via a specially designed pwd parameter to inject arbitrary script or HTML;
- Hardcoded administrator password can be exploited remotely from vectors related to web management interface, SSH, TELNET, SNMP to gain administrator privileges.
Technical details
Vulnerabilities (2, 3) related to adv_pwd_cgi.
Vulnerability (4) caused by hardcoded administrators password derived from serial number.
Первичный источник обнаружения
Связанные продукты
Список CVE
- CVE-2015-7291 high
- CVE-2015-7290 warning
- CVE-2009-5149 warning
- CVE-2015-7289 critical
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com
Нашли неточность в описании этой уязвимости? Дайте нам знать!