Predictable Technician Password Vulnerability in Arris Networking Devices
CVE-2009-5149

Currently unrated

Key Information:

Vendor: Arris
Status: Na Model 862 Gw Mono Firmware
Vendor: CVE Published:; 21 November 2015

What is CVE-2009-5149?

Certain Arris devices, including the DG860A, TG862A, and TG862G, are susceptible to a vulnerability that stems from the use of predictable technician passwords. This situation arises from a 'password of the day' mechanism, allowing attackers to easily guess or derive passwords to gain unauthorized access via the web management interface. This issue highlights the importance of strong, unpredictable password policies and proper device configuration to enhance security and protect against potential remote attacks.

References

http://www.borfast.com/projects/arris-password-of-the-day...

x_refsource_MISC

http://www.kb.cert.org/vuls/id/419568

third-party-advisoryx_refsource_CERT-VN

https://github.com/borfast/arrispwgen

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 21, 2015
Vulnerability Reserved
Nov 19, 2015