CVE-2015-7290

Name of the Vulnerable Software and Affected Versions Arris DG860A versions TS0703128 100611 through TS0705125D 031115 Arris TG862A versions TS0703128 100611 through TS0705125D 031115 Arris TG862G versions TS0703128 100611 through TS0705125D 031115

Description A cross-site scripting (XSS) issue exists in the web management interface of the affected devices, allowing remote attackers to inject arbitrary web script or HTML via the pwd parameter. This could potentially lead to unauthorized access or control of the device.

Recommendations For Arris DG860A versions TS0703128 100611 through TS0705125D 031115, avoid using the pwd parameter in the affected API endpoint until the issue is resolved. For Arris TG862A versions TS0703128 100611 through TS0705125D 031115, avoid using the pwd parameter in the affected API endpoint until the issue is resolved. For Arris TG862G versions TS0703128 100611 through TS0705125D 031115, avoid using the pwd parameter in the affected API endpoint until the issue is resolved.