Filtered by vendor Commscope
Subscribe
Total
63 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-41552 | 1 Commscope | 10 Arris Surfboard Sbg10, Arris Surfboard Sbg10 Firmware, Arris Surfboard Sbg6950ac2 and 7 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| CommScope SURFboard SBG6950AC2 9.1.103AA23 devices allow Command Injection. | |||||
| CVE-2021-33221 | 1 Commscope | 1 Ruckus Iot Controller | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Unauthenticated API Endpoints. | |||||
| CVE-2021-33220 | 1 Commscope | 1 Ruckus Iot Controller | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Hard-coded API Keys exist. | |||||
| CVE-2021-33219 | 1 Commscope | 1 Ruckus Iot Controller | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded Web Application Administrator Passwords for the admin and nplus1user accounts. | |||||
| CVE-2021-33218 | 1 Commscope | 1 Ruckus Iot Controller | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access. | |||||
| CVE-2021-33217 | 1 Commscope | 1 Ruckus Iot Controller | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The Web Application allows Arbitrary Read/Write actions by authenticated users. The API allows an HTTP POST of arbitrary content into any file on the filesystem as root. | |||||
| CVE-2021-33216 | 1 Commscope | 1 Ruckus Iot Controller | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. An Undocumented Backdoor exists, allowing shell access via a developer account. | |||||
| CVE-2021-33215 | 1 Commscope | 1 Ruckus Iot Controller | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The API allows Directory Traversal. | |||||
| CVE-2021-20120 | 1 Commscope | 2 Arris Surfboard Sb8200, Arris Surfboard Sb8200 Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The administration web interface for the Arris Surfboard SB8200 lacks any protections against cross-site request forgery attacks. This means that an attacker could make configuration changes (such as changing the administrative password) without the consent of the user. | |||||
| CVE-2021-20119 | 1 Commscope | 2 Arris Surfboard Sb8200, Arris Surfboard Sb8200 Firmware | 2024-11-21 | 4.9 MEDIUM | 7.1 HIGH |
| The password change utility for the Arris SurfBoard SB8200 can have safety measures bypassed that allow any logged-in user to change the administrator password. | |||||
| CVE-2020-9476 | 1 Commscope | 2 Arris Tg1692a, Arris Tg1692a Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| ARRIS TG1692A devices allow remote attackers to discover the administrator login name and password by reading the /login page and performing base64 decoding. | |||||
| CVE-2020-8830 | 1 Commscope | 2 Ruckus Zoneflex R500, Ruckus Zoneflex R500 Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF in login.asp on Ruckus devices allows an attacker to access the panel, and use SSRF to perform scraping or other analysis via the SUBCA-1 field on the Wireless Admin screen. | |||||
| CVE-2020-8033 | 1 Commscope | 2 Ruckus Zoneflex R500, Ruckus Zoneflex R500 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Ruckus R500 3.4.2.0.384 devices allow XSS via the index.asp Device Name field. | |||||
| CVE-2020-7983 | 1 Commscope | 2 Ruckus Zoneflex R500, Ruckus Zoneflex R500 Firmware | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
| A CSRF issue in login.asp on Ruckus R500 3.4.2.0.384 devices allows remote attackers to access the panel or conduct SSRF attacks. | |||||
| CVE-2020-26879 | 1 Commscope | 2 Ruckus Iot Module, Ruckus Vriot | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validate_token.py. An unauthenticated attacker can interact with the service API by using a backdoor value as the Authorization header. | |||||
| CVE-2020-26878 | 1 Commscope | 2 Ruckus Iot Module, Ruckus Vriot | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Ruckus through 1.5.1.0.21 is affected by remote command injection. An authenticated user can submit a query to the API (/service/v1/createUser endpoint), injecting arbitrary commands that will be executed as root user via web.py. | |||||
| CVE-2019-15806 | 1 Commscope | 2 Tr4400, Tr4400 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/basic_sett.html. Any user connected to the Wi-Fi can exploit this. | |||||
| CVE-2019-15805 | 1 Commscope | 2 Tr4400, Tr4400 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/login.html. Any user connected to the Wi-Fi can exploit this. | |||||
| CVE-2018-20386 | 1 Commscope | 2 Arris Sbg6580-2, Arris Sbg6580-2 Firmware | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| ARRIS SBG6580-2 D30GW-SEAEAGLE-1.5.2.5-GA-00-NOSH devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||
| CVE-2018-20383 | 2 Arris, Commscope | 4 Dg950s Firmware, Arris Dg950a, Arris Dg950a Firmware and 1 more | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| ARRIS DG950A 7.10.145 and DG950S 7.10.145.EURO devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests. | |||||