PT-2018-10229 · Arris · Arris Touchstone Telephony Gateway Tg1682G

Published: 2018-05-14 · Updated: 2021-09-13 · CVE-2018-10990

CVSS v3.1: 8.0 (High)

Vector: AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Arris Touchstone Telephony Gateway TG1682G version 9.1.103J6

Description

The logout action on the device does not immediately destroy all state related to the validity of the credential cookie. This might allow attackers to obtain access at a later time (for example, for at least a few minutes after logout). It is noted that the web UI's logout feature is not intended to address cases where a person has made a copy of a cookie outside of a browser.

Recommendations

For Arris Touchstone Telephony Gateway TG1682G version 9.1.103J6, as a temporary workaround, consider implementing additional security measures to minimize the risk of exploitation, such as restricting access to sensitive areas of the web UI after a logout action. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Insufficient Session Expiration

Weakness Enumeration

Related Identifiers

CVE-2018-10990

Affected Products

Arris Touchstone Telephony Gateway Tg1682G