PT-2014-6174 · Arris · Arris Touchstone Dg950A

Deral Heiland

Published

2014-09-05

Updated

2014-09-08

CVE-2014-4863

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Arris Touchstone DG950A cable modem version 7.10.131

Description The issue allows remote attackers to obtain sensitive information, including password, key, and SSID details, by sending an SNMP request. This is possible due to the use of a default SNMP community string set to public.

Recommendations For Arris Touchstone DG950A cable modem version 7.10.131, consider changing the default SNMP community string to a secure value to prevent unauthorized access. As a temporary workaround, restrict access to the SNMP service to minimize the risk of exploitation.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2014-4863

Affected Products

Arris Touchstone Dg950A

PT-2014-6174 · Arris · Arris Touchstone Dg950A

CVE-2014-4863

Weakness Enumeration

Related Identifiers

Affected Products

References · 4