Cross-Site Request Forgery Vulnerability in Arris DG860A, TG862A, and TG862G
CVE-2015-7291

Currently unrated

Key Information:

Vendor: Arris
Status: Na Model 862 Gw Mono Firmware
Vendor: CVE Published:; 21 November 2015

What is CVE-2015-7291?

A cross-site request forgery (CSRF) vulnerability exists in the web management interface of Arris DG860A, TG862A, and TG862G devices. This flaw enables remote attackers to exploit users' authentication, potentially hijacking their sessions without their consent. This vulnerability affects devices running firmware versions TS0703128_100611 through TS0705125D_031115, creating significant risks for affected users who may unknowingly trigger unauthorized actions through malicious requests.

References

http://www.kb.cert.org/vuls/id/419568

third-party-advisoryx_refsource_CERT-VN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 21, 2015
Vulnerability Reserved
Sep 18, 2015