Cross-Site Request Forgery Vulnerabilities in ARRIS Touchstone Telephony Gateway
CVE-2014-5437

Currently unrated

Key Information:

Vendor: Arris
Status: Touchstone Tg862g\/ct Firmware
Vendor: CVE Published:; 17 December 2014

What is CVE-2014-5437?

The ARRIS Touchstone TG862G/CT Telephony Gateway is susceptible to multiple cross-site request forgery vulnerabilities, allowing remote attackers to manipulate the device's settings without authentication. These vulnerabilities enable unauthorized requests to enable remote management, modify port forwarding rules, change network security settings, and initiate cross-site scripting attacks through improper handling of user inputs.

References

http://seclists.org/fulldisclosure/2014/Dec/57

mailing-listx_refsource_FULLDISC

http://seclists.org/fulldisclosure/2014/Dec/58

mailing-listx_refsource_FULLDISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 17, 2014
Vulnerability Reserved
Aug 22, 2014

Arris

What is CVE-2014-5437?

References

Timeline