PT-2014-6471 · Arris · Arris Touchstone Tg862G/Ct Telephony Gateway

Seth Art +1 · Published 2014-12-17 · Updated 2014-12-18 · CVE-2014-5437

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

ARRIS Touchstone TG862G/CT Telephony Gateway versions 7.6.59S.CT and earlier

Description

The issue allows remote attackers to hijack the authentication of administrators for various requests, including enabling remote management via "remote_management.php", adding a port forwarding rule via "port_forwarding_add.php", changing the wireless network to open via "wireless_network_configuration_edit.php", or conducting cross-site scripting (XSS) attacks via the keyword parameter to "managed_sites_add_keyword.php".

Recommendations

For ARRIS Touchstone TG862G/CT Telephony Gateway versions 7.6.59S.CT and earlier, consider disabling remote management and restricting access to the vulnerable API endpoints, such as "remote_management.php", "port_forwarding_add.php", "wireless_network_configuration_edit.php", and "managed_sites_add_keyword.php", until a patch is available. Avoid using the keyword parameter in the "managed_sites_add_keyword.php" endpoint to minimize the risk of cross-site scripting (XSS) attacks.

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2014-5437

Affected Products

Arris Touchstone Tg862G/Ct Telephony Gateway