Hardcoded Password Vulnerability in Arris Devices by Arris
CVE-2015-7289

Currently unrated

Key Information:

Vendor: Arris
Status: Na Model 862 Gw Mono Firmware
Vendor: CVE Published:; 21 November 2015

What is CVE-2015-7289?

Arris DG860A, TG862A, and TG862G devices are affected by a security flaw that involves hardcoded administrator passwords derived from the devices' serial numbers. This vulnerability can potentially allow remote attackers to gain unauthorized access through various communication protocols such as web management interfaces, SSH, TELNET, and SNMP, thereby compromising the security of the affected devices. Users are advised to identify the affected firmware versions and implement necessary updates to mitigate associated risks.

References

http://www.kb.cert.org/vuls/id/419568

third-party-advisoryx_refsource_CERT-VN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 21, 2015
Vulnerability Reserved
Sep 18, 2015