Known Vulnerabilities for products from Arris
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Arris".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Additional devices specifications by Arris can be found at device.report : Arris
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2020-8438 | Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated attacker to execute arbitrary OS commands via the hidden /... | 7.2 - HIGH | 2020-01-29 | 2020-01-31 |
| CVE-2018-20386 | ARRIS SBG6580-2 D30GW-SEAEAGLE-1.5.2.5-GA-00-NOSH devices allow remote attackers to discover credentials via iso.3.6.1.4.1.44... | 9.8 - CRITICAL | 2018-12-23 | 2021-09-13 |
| CVE-2018-20383 | ARRIS DG950A 7.10.145 and DG950S 7.10.145.EURO devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.... | 9.8 - CRITICAL | 2018-12-23 | 2021-09-13 |
| CVE-2018-17555 | The web component on ARRIS TG2492LG-NA 061213 devices allows remote attackers to obtain sensitive information via the /snmpGe... | 7.5 - HIGH | 2018-09-26 | 2021-09-13 |
| CVE-2018-10990 | On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a logout action does not immediately destroy all state on th... | 8 - HIGH | 2018-05-14 | 2023-11-07 |
| CVE-2018-10989 | Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices are distributed by some ISPs with a default password of "passwor... | 6.6 - MEDIUM | 2018-05-14 | 2023-11-07 |
| CVE-2017-16836 | Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse 10.0.59.SIP.PC20.CT software allow Unauthenticated Stored XSS via the ... | 6.1 - MEDIUM | 2017-11-16 | 2021-09-13 |
| CVE-2017-14117 | The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configure... | 5.9 - MEDIUM | 2017-09-03 | 2017-09-13 |
| CVE-2017-14116 | The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG599 device, when IP Passthrough mode is not used, configures WAN access... | 8.1 - HIGH | 2017-09-03 | 2017-09-13 |
| CVE-2017-14115 | The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configure... | 8.1 - HIGH | 2017-09-03 | 2021-08-23 |
| CVE-2017-10793 | The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589, NVG599, and unspecified other devices, when IP Passthrough mode is... | 8.1 - HIGH | 2017-09-03 | 2021-08-23 |
| CVE-2017-9521 | The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware ... | 9.8 - CRITICAL | 2017-07-31 | 2021-09-13 |
| CVE-2017-9492 | The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware ... | 7.5 - HIGH | 2017-07-31 | 2021-09-13 |
| CVE-2017-9491 | The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware ... | 5.3 - MEDIUM | 2017-07-31 | 2021-09-13 |
| CVE-2017-9490 | The Comcast firmware on Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) de... | 8.8 - HIGH | 2017-07-31 | 2017-08-08 |
| CVE-2017-9489 | The Comcast firmware on Cisco DPC3939B (firmware version dpc3939b-v303r204217-150321a-CMCST) devices allows configuration cha... | 8.8 - HIGH | 2017-07-31 | 2021-09-13 |
| CVE-2017-9476 | The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware ... | 6.5 - MEDIUM | 2017-07-31 | 2021-09-13 |
| CVE-2015-7291 | Cross-site request forgery (CSRF) vulnerability in adv_pwd_cgi in the web management interface on Arris DG860A, TG862A, and T... | 6.8 - MEDIUM | 2015-11-21 | 2015-11-23 |
| CVE-2015-7290 | Cross-site scripting (XSS) vulnerability in adv_pwd_cgi in the web management interface on Arris DG860A, TG862A, and TG862G d... | 4.3 - MEDIUM | 2015-11-21 | 2015-11-23 |
| CVE-2015-7289 | Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 have a hardcoded administra... | 9.3 - HIGH | 2015-11-21 | 2015-11-23 |
Known software with vulnerabilities from Arris
| Type | Vendor | Product | Version |
|---|---|---|---|
| Hardware | Arris | Sbg901 | - |
| Hardware | Arris | Touchstone Tg862g/ct | - |
| Application | Arris | Touchstone Tg862g/ct Firmware | 7.6.59s.ct |
| Operating System | Arris | Vap2500 Firmware | 08.41 |