Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2009-5149

Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 have predictable technician passwords, which makes it easier for remote attackers to obtain access via the web management interface, related to a "password of the day" issue.

Published

2015-11-21T11:59:00.123

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

8.6

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-255
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System arris na_model_862_gw_mono_firmware ts070593c_073013 Yes
Operating System arris na_model_862_gw_mono_firmware ts0703128_100611 Yes
Operating System arris na_model_862_gw_mono_firmware ts0703135_112211 Yes
Operating System arris na_model_862_gw_mono_firmware ts0705125_062314 Yes
Operating System arris na_model_862_gw_mono_firmware ts0705125d_031115 Yes
Hardware arris dg860a * No
Hardware arris tg862a * No
Hardware arris tg862g * No
References