PT-2015-7507 · Arris · Arris Tg862G+1
Bernardo Rodrigues
·
Published
2015-11-21
·
Updated
2015-11-23
·
CVE-2015-7289
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Arris DG860A versions TS0703128 100611 through TS0705125D 031115
Arris TG862A versions TS0703128 100611 through TS0705125D 031115
Arris TG862G versions TS0703128 100611 through TS0705125D 031115
Description
The issue concerns a hardcoded administrator password that can be derived from the device's serial number, making it easier for remote attackers to gain access. This access can be obtained through various interfaces, including the web management interface, SSH, TELNET, or SNMP.
Recommendations
For Arris DG860A versions TS0703128 100611 through TS0705125D 031115, consider changing the administrator password to a strong, unique password as soon as possible.
For Arris TG862A versions TS0703128 100611 through TS0705125D 031115, consider changing the administrator password to a strong, unique password as soon as possible.
For Arris TG862G versions TS0703128 100611 through TS0705125D 031115, consider changing the administrator password to a strong, unique password as soon as possible.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Arris Dg860A
Arris Tg862G