PT-2018-10227 · Arris · Arris Touchstone Telephony Gateway Tg1682G

Publicado

2018-05-14

Atualizado

2021-09-13

CVE-2018-10989

CVSS v3.1

6.6

Média

Vetor

AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Arris Touchstone Telephony Gateway TG1682G version 9.1.103J6

Description The device has a default password of password for the admin account, which is used over an unencrypted connection to http://192.168.0.1. This might allow remote attackers to bypass intended access restrictions by leveraging access to the local network.

Recommendations For Arris Touchstone Telephony Gateway TG1682G version 9.1.103J6, change the default admin password to a strong and unique password to prevent unauthorized access. As a temporary workaround, consider restricting access to the http://192.168.0.1 endpoint until a more secure connection method is implemented.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-1188

Identificadores relacionados

CVE-2018-10989

Produtos afetados

Arris Touchstone Telephony Gateway Tg1682G

PT-2018-10227 · Arris · Arris Touchstone Telephony Gateway Tg1682G

CVE-2018-10989

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4