VAR-201409-0174
Vulnerability from variot - Updated: 2024-04-19 22:51The Arris Touchstone DG950A cable modem with software 7.10.131 has an SNMP community of public, which allows remote attackers to obtain sensitive password, key, and SSID information via an SNMP request. Arris Provided by Touchstone DG950A Contains an information disclosure vulnerability. Arris Provided by Touchstone DG950A Is the default setting SNMP Is enabled. DG950A Is known SNMP Uses community name, username, password and WiFi There is a vulnerability that leaks information such as keys (CWE-200) . Other versions may also be affected by this vulnerability. CWE-200: Information Exposure http://cwe.mitre.org/data/definitions/200.htmlUser name, password and password set on the device by a remote third party WiFi You may be able to obtain sensitive information such as keys. The ARRIS Touchstone Data Gateway DG860P2 is a combination of a 4-port Gigabit router. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201409-0174",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "touchstone dg950a software",
"scope": "eq",
"trust": 1.6,
"vendor": "arris",
"version": "7.10.131"
},
{
"model": "touchstone dg950a",
"scope": "eq",
"trust": 1.0,
"vendor": "arris",
"version": null
},
{
"model": "touchstone dg950a",
"scope": null,
"trust": 0.8,
"vendor": "arris group",
"version": null
},
{
"model": "touchstone dg950a software",
"scope": "eq",
"trust": 0.8,
"vendor": "arris group",
"version": "version 7.10.131"
},
{
"model": "touchstone data gateway dg860p2",
"scope": "eq",
"trust": 0.6,
"vendor": "arris",
"version": "3"
},
{
"model": "group touchstone dg950a",
"scope": "eq",
"trust": 0.3,
"vendor": "arris",
"version": "7.10.131"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05344"
},
{
"db": "BID",
"id": "69631"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004045"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-056"
},
{
"db": "NVD",
"id": "CVE-2014-4863"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:arris:touchstone_dg950a_software:7.10.131:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:arris:touchstone_dg950a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-4863"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Deral Heiland and Matthew Kienow.",
"sources": [
{
"db": "BID",
"id": "69631"
}
],
"trust": 0.3
},
"cve": "CVE-2014-4863",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2014-004045",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-05344",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-4863",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2014-004045",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-05344",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201409-056",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05344"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004045"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-056"
},
{
"db": "NVD",
"id": "CVE-2014-4863"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Arris Touchstone DG950A cable modem with software 7.10.131 has an SNMP community of public, which allows remote attackers to obtain sensitive password, key, and SSID information via an SNMP request. Arris Provided by Touchstone DG950A Contains an information disclosure vulnerability. Arris Provided by Touchstone DG950A Is the default setting SNMP Is enabled. DG950A Is known SNMP Uses community name, username, password and WiFi There is a vulnerability that leaks information such as keys (CWE-200) . Other versions may also be affected by this vulnerability. CWE-200: Information Exposure http://cwe.mitre.org/data/definitions/200.htmlUser name, password and password set on the device by a remote third party WiFi You may be able to obtain sensitive information such as keys. The ARRIS Touchstone Data Gateway DG860P2 is a combination of a 4-port Gigabit router. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-4863"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004045"
},
{
"db": "CNVD",
"id": "CNVD-2014-05344"
},
{
"db": "BID",
"id": "69631"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-4863",
"trust": 3.3
},
{
"db": "CERT/CC",
"id": "VU#855836",
"trust": 2.4
},
{
"db": "JVN",
"id": "JVNVU95304841",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004045",
"trust": 0.8
},
{
"db": "OSVDB",
"id": "110555",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2014-05344",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201409-056",
"trust": 0.6
},
{
"db": "CERT/CC",
"id": "VU#259548",
"trust": 0.3
},
{
"db": "BID",
"id": "69631",
"trust": 0.3
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05344"
},
{
"db": "BID",
"id": "69631"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004045"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-056"
},
{
"db": "NVD",
"id": "CVE-2014-4863"
}
]
},
"id": "VAR-201409-0174",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05344"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05344"
}
]
},
"last_update_date": "2024-04-19T22:51:27.426000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Touchstone Data Gateway",
"trust": 0.8,
"url": "http://www.arrisi.com/products/product.asp?id=53"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004045"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004045"
},
{
"db": "NVD",
"id": "CVE-2014-4863"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://community.rapid7.com/community/metasploit/blog/2014/08/21/more-snmp-information-leaks-cve-2014-4862-and-cve-2014-4863"
},
{
"trust": 2.4,
"url": "http://www.kb.cert.org/vuls/id/855836"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4863"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu95304841/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4863"
},
{
"trust": 0.8,
"url": "http://www.arrisi.com/support/documentation/user_guides/_docs/dg950_user_guide_std1-4.pdf"
},
{
"trust": 0.6,
"url": "http://www.osvdb.com/show/osvdb/110555"
},
{
"trust": 0.3,
"url": "http://www.arrisi.com/products/product.asp?id=50"
},
{
"trust": 0.3,
"url": "http://www.kb.cert.org/vuls/id/259548"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05344"
},
{
"db": "BID",
"id": "69631"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004045"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-056"
},
{
"db": "NVD",
"id": "CVE-2014-4863"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-05344"
},
{
"db": "BID",
"id": "69631"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004045"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-056"
},
{
"db": "NVD",
"id": "CVE-2014-4863"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-05344"
},
{
"date": "2014-08-21T00:00:00",
"db": "BID",
"id": "69631"
},
{
"date": "2014-09-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004045"
},
{
"date": "2014-09-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-056"
},
{
"date": "2014-09-05T17:55:06.953000",
"db": "NVD",
"id": "CVE-2014-4863"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-05344"
},
{
"date": "2014-08-21T00:00:00",
"db": "BID",
"id": "69631"
},
{
"date": "2014-09-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004045"
},
{
"date": "2014-09-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-056"
},
{
"date": "2014-09-08T17:11:09.140000",
"db": "NVD",
"id": "CVE-2014-4863"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-056"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Arris Cable modem Touchstone DG950A Information disclosure vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004045"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201409-056"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…