exploitDog

CVE-2018-10989

Опубликовано: 14 мая 2018

Источник: nvd

CVSS3: 6.6

CVSS2: 3.5

EPSS Низкий

Описание

Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices are distributed by some ISPs with a default password of "password" for the admin account that is used over an unencrypted http://192.168.0.1 connection, which might allow remote attackers to bypass intended access restrictions by leveraging access to the local network. NOTE: one or more user's guides distributed by ISPs state "At a minimum, you should set a login password."

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:commscope:arris_tg1682g_firmware:9.1.103j6:*:*:*:*:*:*:*

cpe:2.3:h:commscope:arris_tg1682g:-:*:*:*:*:*:*:*

EPSS

Процентиль: 57%

0.00355

Низкий

6.6 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-1188

Связанные уязвимости

GHSA-7vw7-45gr-9vpj

CVSS3: 6.6

github

больше 3 лет назад

Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices are distributed by some ISPs with a default password of "password" for the admin account that is used over an unencrypted http://192.168.0.1 connection, which might allow remote attackers to bypass intended access restrictions by leveraging access to the local network. NOTE: one or more user's guides distributed by ISPs state "At a minimum, you should set a login password."

EPSS

Процентиль: 57%

0.00355

Низкий

6.6 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-1188