48 results (0.011 seconds)

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

An arbitrary code execution vulnerability exists in Arris SURFboard SGB6950AC2 devices. An unauthenticated attacker can exploit this vulnerability to achieve code execution as root. Existe una vulnerabilidad de ejecución de código arbitrario en los dispositivos Arris SURFboard SGB6950AC2. Un atacante no autenticado puede aprovechar esta vulnerabilidad para lograr la ejecución del código como root. • https://blog.exodusintel.com/2024/01/25/arris-surfboard-sbg6950ac2-arbitrary-command-execution-vulnerability • CWE-306: Missing Authentication for Critical Function •

CVSS: 9.6EPSS: 0%CPEs: 1EXPL: 1

A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before to could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certain admin activity, could allow the attacker to gain full admin privileges on the exploited system. Una vulnerabilidad en la interfaz web del producto RUCKUS Cloudpath en la versión 5.12 build 5538 o anterior podría permitir que un atacante remoto no autenticado ejecute ataques XSS y CSRF persistentes contra un usuario de la interfaz de gestión de administración. Un ataque exitoso, combinado con una determinada actividad administrativa, podría permitir al atacante obtener privilegios completos de administrador en el sistema explotado. • https://github.com/harry935/CVE-2023-45992 http://ruckus.com https://server.cloudpath https://server.cloudpath/admin/enrollmentData https://support.ruckuswireless.com/security_bulletins/322 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 2

An issue was discovered in DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10. The troubleshooting_logs_download.php log file download functionality does not check the session cookie. Thus, an attacker can download all log files. Arris DG3450 cable gateway version AR01.02.056.18_041520_711.NCS.10 suffers from cross site scripting and missing authentication vulnerabilities. • https://sec-consult.com/en/vulnerability-lab/advisories/index.html https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-arris-dg3450-cable-gateway https://www.sec-consult.com/en/blog • CWE-306: Missing Authentication for Critical Function •

CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 2

An issue was discovered in CommScope Arris DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10. A reflected XSS vulnerability was discovered in the https_redirect.php web page via the page parameter. Arris DG3450 cable gateway version AR01.02.056.18_041520_711.NCS.10 suffers from cross site scripting and missing authentication vulnerabilities. • https://sec-consult.com/en/vulnerability-lab/advisories/index.html https://sec-consult.com/vulnerability-lab/advisory/multiple-vulnerabilities-in-arris-dg3450-cable-gateway https://www.sec-consult.com/en/blog • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 3%CPEs: 6EXPL: 3

Arris TG2482A firmware through 9.1.103GEM9 allow Remote Code Execution (RCE) via the ping utility feature. • https://www.exploit-db.com/exploits/51269 https://github.com/yerodin/CVE-2022-45701 http://arris.com https://packetstormsecurity.com/files/171001/Arris-Router-Firmware-9.1.103-Remote-Code-Execution.htmlhttps://github.com/yerodin/CVE-2022-45701 •