PT-2023-27229 · Arris · Arris DG860A +1
Edward Warren · Published 2023-12-27 · Updated 2024-01-04 · CVE-2023-40038
CVSS v3.1: 8.8 (High)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Arris DG860A (affected versions not specified)
Arris DG1670A (affected versions not specified)
Description
The devices ship with predictable default WPA2 PSKs, which could lead to unauthorized remote access. The default PSK is built from the first 6 characters of the SSID and the last 6 characters of the BSSID, with the last digit decremented.
Recommendations
For Arris DG860A, change the default WPA2 PSK to a unique and strong password.
For Arris DG1670A, change the default WPA2 PSK to a unique and strong password.
As a temporary workaround, consider changing the SSID and BSSID to make it harder for attackers to predict the default WPA2 PSK.
Exploit
Fix
Improper Authentication
Affected Products
Arris DG1670A
Arris DG860A