CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2014-9406
https://notcve.org/view.php?id=CVE-2014-9406
ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier has a default password of password for the admin account, which makes it easier for remote attackers to obtain access via a request to home_loggedout.php. ARRIS Touchstone TG862G/CT Telephony Gateway con firmware 7.6.59S.CT y anteriores tienen una contraseña por defecto en la cuenta admin, lo que facilita a atacantes remotos obtener acceso a través de una petición a home_loggedout.php. • http://seclists.org/fulldisclosure/2014/Dec/57 • CWE-255: Credentials Management Errors •
CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-5438 – Arris Touchstone TG862G/CT Cross Site Scripting
https://notcve.org/view.php?id=CVE-2014-5438
Cross-site scripting (XSS) vulnerability in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allows remote authenticated users to inject arbitrary web script or HTML via the computer_name parameter to connected_devices_computers_edit.php. Vulnerabilidad de XSS en ARRIS Touchstone TG862G/CT Telephony Gateway con firmware 7.6.59S.CT y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro computer_name en connected_devices_computers_edit.php Arris Touchstone TG862G/CT suffers from a cross site scripting vulnerability. • http://seclists.org/fulldisclosure/2014/Dec/58 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2014-5437 – Arris Touchstone TG862G/CT Cross Site Request Forgery
https://notcve.org/view.php?id=CVE-2014-5437
Multiple cross-site request forgery (CSRF) vulnerabilities in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) enable remote management via a request to remote_management.php, (2) add a port forwarding rule via a request to port_forwarding_add.php, (3) change the wireless network to open via a request to wireless_network_configuration_edit.php, or (4) conduct cross-site scripting (XSS) attacks via the keyword parameter to managed_sites_add_keyword.php. Múltiples vulnerabilidades de CSRF en ARRIS Touchstone TG862G/CT Telephony Gateway con firmware 7.6.59S.CT y anteriores permiten a atacantes remotos secuestrar la autenticación de administradores para solicitudes que (1) habilitan la gestión remota a través de una solicitud a remote_management.php, (2) añaden una regla de reenvío de puerto a través de una solicitud a port_forwarding_add.php, (3) cambian la red inalámbrica a abierta a través de una solicitud a wireless_network_configuration_edit.php, o (4) realizar ataques de XSS a través del parámetro keyword en managed_sites_add_keyword.php. Arris Touchstone TG862G/CT suffers from a cross site request forgery vulnerability. • http://seclists.org/fulldisclosure/2014/Dec/57 http://seclists.org/fulldisclosure/2014/Dec/58 • CWE-352: Cross-Site Request Forgery (CSRF) •