PT-2015-7508 · Arris · Arris Tg862G+1
Bernardo Rodrigues
·
Published
2015-11-21
·
Updated
2015-11-23
·
CVE-2015-7290
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Arris DG860A versions TS0703128 100611 through TS0705125D 031115
Arris TG862A versions TS0703128 100611 through TS0705125D 031115
Arris TG862G versions TS0703128 100611 through TS0705125D 031115
Description
A cross-site scripting (XSS) issue exists in the web management interface of the affected devices, allowing remote attackers to inject arbitrary web script or HTML via the
pwd parameter. This could potentially lead to unauthorized access or control of the device.Recommendations
For Arris DG860A versions TS0703128 100611 through TS0705125D 031115, avoid using the
pwd parameter in the affected API endpoint until the issue is resolved.
For Arris TG862A versions TS0703128 100611 through TS0705125D 031115, avoid using the pwd parameter in the affected API endpoint until the issue is resolved.
For Arris TG862G versions TS0703128 100611 through TS0705125D 031115, avoid using the pwd parameter in the affected API endpoint until the issue is resolved.Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Arris Dg860A
Arris Tg862G