CVSS: 10.0 • EPSS: 14% • CPEs: 2 • EXPL: 1

15 Mar 2022 — Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pppoe function via the pppoe_username, pppoe_passwd, and pppoe_servicename parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. • https://github.com/wudipjq/my_vuln/blob/main/ARRIS/vuln_13/13.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 10.0 • EPSS: 14% • CPEs: 2 • EXPL: 1

15 Mar 2022 — Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the upnp function via the upnp_ttl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. • https://github.com/wudipjq/my_vuln/blob/main/ARRIS/vuln_9/9.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 10.0 • EPSS: 14% • CPEs: 2 • EXPL: 1

15 Mar 2022 — Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pptp (wan_pptp.html) function via the pptp_fix_ip, pptp_fix_mask, pptp_fix_gw, and wan_dns1_stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. • https://github.com/wudipjq/my_vuln/blob/main/ARRIS/vuln_14/14.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 8.8 • EPSS: 1% • CPEs: 10 • EXPL: 0

15 Feb 2022 — CommScope SURFboard SBG6950AC2 9.1.103AA23 devices allow Command Injection. • https://arris.my.salesforce.com/sfc/p/#30000000kUAL/a/4Q000000Raud/cRx46eSijpwhTpoeWSgB1dQehSMwFrLV1gurcqI35QY • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 7.1 • EPSS: 0% • CPEs: 2 • EXPL: 1

09 Nov 2021 — The password change utility for the Arris SurfBoard SB8200 can have safety measures bypassed that allow any logged-in user to change the administrator password. • https://www.tenable.com/security/research/tra-2021-49 • CWE-863: Incorrect Authorization

CVSS: 8.8 • EPSS: 0% • CPEs: 2 • EXPL: 1

21 Oct 2021 — The administration web interface for the Arris Surfboard SB8200 lacks any protections against cross-site request forgery attacks. This means that an attacker could make configuration changes (such as changing the administrative password) without the consent of the user. • https://www.tenable.com/security/research/tra-2021-45 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

27 May 2021 — An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The API allows Directory Traversal. A Python script (web.py) for a Dockerized webservice contains a directory traversal vulnerability, which can be leveraged by an authenticated attacker to view the contents of directories on the IoT Controller. • https://packetstorm.news/files/id/162846 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.8 • EPSS: 23% • CPEs: 1 • EXPL: 3

27 May 2021 — An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. An Undocumented Backdoor exists, allowing shell access via a developer account. An upgrade account is included in the IoT Controller OVA that provides the vendor undocumented access via Secure Copy (SCP). • https://packetstorm.news/files/id/162848

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

27 May 2021 — An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The Web Application allows Arbitrary Read/Write actions by authenticated users. The API allows an HTTP POST of arbitrary content into any file on the filesystem as root. • https://packetstorm.news/files/id/162847 • CWE-787: Out-of-bounds Write

CVSS: 10.0 • EPSS: 1% • CPEs: 1 • EXPL: 1

27 May 2021 — An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access. Hard-coded, system-level credentials exist on the Ruckus IoT Controller OVA image, and are exposed to attackers who mount the filesystem. • https://packetstorm.news/files/id/162844 • CWE-798: Use of Hard-coded Credentials