Known Vulnerabilities for products from Arris
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Arris".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Additional devices specifications by Arris can be found at device.report : Arris
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-40039 json | An issue was discovered on ARRIS TG852G, TG862G, and TG1672G devices. A remote attacker (in proximity to a Wi-Fi network) can... | 9.8 - CRITICAL | 2023-09-11 | 2023-09-13 |
| CVE-2023-40038 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2023-12-27 | 2024-01-04 |
| CVE-2022-45028 json | A cross-site scripting (XSS) vulnerability in Arris NVG443B 9.3.0h3d36 allows attackers to execute arbitrary web scripts or H... | 6.1 - MEDIUM | 2022-12-13 | 2022-12-15 |
| CVE-2022-31793 json | do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a ... | 7.5 - HIGH | 2022-08-04 | 2022-08-11 |
| CVE-2022-26994 json | Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command inj... | 9.8 - CRITICAL | 2022-03-15 | 2023-08-08 |
| CVE-2022-26993 json | Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command inj... | 9.8 - CRITICAL | 2022-03-15 | 2023-08-08 |
| CVE-2022-26992 json | Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command inj... | 9.8 - CRITICAL | 2022-03-15 | 2023-08-08 |
| CVE-2022-26991 json | Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command inj... | 9.8 - CRITICAL | 2022-03-15 | 2023-08-08 |
| CVE-2022-26990 json | Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command inj... | 9.8 - CRITICAL | 2022-03-15 | 2023-08-08 |
| CVE-2020-8438 json | Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated attacker to execute arbitrary OS commands via the hidden /... | 7.2 - HIGH | 2020-01-29 | 2020-01-31 |
| CVE-2018-20386 json | ARRIS SBG6580-2 D30GW-SEAEAGLE-1.5.2.5-GA-00-NOSH devices allow remote attackers to discover credentials via iso.3.6.1.4.1.44... | 9.8 - CRITICAL | 2018-12-23 | 2021-09-13 |
| CVE-2018-20383 json | ARRIS DG950A 7.10.145 and DG950S 7.10.145.EURO devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.... | 9.8 - CRITICAL | 2018-12-23 | 2021-09-13 |
| CVE-2018-17555 json | The web component on ARRIS TG2492LG-NA 061213 devices allows remote attackers to obtain sensitive information via the /snmpGe... | 7.5 - HIGH | 2018-09-26 | 2021-09-13 |
| CVE-2018-10990 json | On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a logout action does not immediately destroy all state on th... | 8 - HIGH | 2018-05-14 | 2023-11-07 |
| CVE-2018-10989 json | Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices are distributed by some ISPs with a default password of "passwor... | 6.6 - MEDIUM | 2018-05-14 | 2023-11-07 |
| CVE-2017-16836 json | Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse 10.0.59.SIP.PC20.CT software allow Unauthenticated Stored XSS via the ... | 6.1 - MEDIUM | 2017-11-16 | 2021-09-13 |
| CVE-2017-14117 json | The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configure... | 5.9 - MEDIUM | 2017-09-03 | 2017-09-13 |
| CVE-2017-14116 json | The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG599 device, when IP Passthrough mode is not used, configures WAN access... | 8.1 - HIGH | 2017-09-03 | 2017-09-13 |
| CVE-2017-14115 json | The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 devices, when IP Passthrough mode is not used, configure... | 8.1 - HIGH | 2017-09-03 | 2021-08-23 |
| CVE-2017-10793 json | The AT&T U-verse 9.2.2h0d83 firmware for the Arris NVG589, NVG599, and unspecified other devices, when IP Passthrough mode is... | 8.1 - HIGH | 2017-09-03 | 2021-08-23 |
Known software with vulnerabilities from Arris
| Type | Vendor | Product | Version |
|---|---|---|---|
| Hardware | Arris | Sbg901 | - |
| Hardware | Arris | Touchstone Tg862g/ct | - |
| Application | Arris | Touchstone Tg862g/ct Firmware | 7.6.59s.ct |
| Operating System | Arris | Vap2500 Firmware | 08.41 |