PT-2018-10227 · Arris · Arris Touchstone Telephony Gateway Tg1682G

Published

2018-05-14

Updated

2021-09-13

CVE-2018-10989

CVSS v3.1

6.6

Medium

Vector

AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Arris Touchstone Telephony Gateway TG1682G version 9.1.103J6

Description The device has a default password of password for the admin account, which is used over an unencrypted connection to http://192.168.0.1. This might allow remote attackers to bypass intended access restrictions by leveraging access to the local network.

Recommendations For Arris Touchstone Telephony Gateway TG1682G version 9.1.103J6, change the default admin password to a strong and unique password to prevent unauthorized access. As a temporary workaround, consider restricting access to the http://192.168.0.1 endpoint until a more secure connection method is implemented.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1188

Related Identifiers

CVE-2018-10989

Affected Products

Arris Touchstone Telephony Gateway Tg1682G

PT-2018-10227 · Arris · Arris Touchstone Telephony Gateway Tg1682G

CVE-2018-10989

Weakness Enumeration

Related Identifiers

Affected Products

References · 4