Cross-Site Scripting in ARRIS Telephony Gateway by ARRIS
CVE-2014-5438

Currently unrated

Key Information:

Vendor: Arris
Status: Touchstone Tg862g\/ct Firmware
Vendor: CVE Published:; 17 December 2014

What is CVE-2014-5438?

The ARRIS Touchstone TG862G/CT Telephony Gateway is susceptible to a cross-site scripting vulnerability that allows remote authenticated users to inject malicious web scripts or HTML. This issue manifests through manipulation of the 'computer_name' parameter in the connected_devices_computers_edit.php interface, enabling attackers to exploit affected devices by executing unauthorized scripts, potentially compromising the integrity and security of the device and its network.

References

http://seclists.org/fulldisclosure/2014/Dec/58

mailing-listx_refsource_FULLDISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 17, 2014
Vulnerability Reserved
Aug 22, 2014

Arris

What is CVE-2014-5438?

References

Timeline