VAR-201412-0521
Vulnerability from variot - Updated: 2023-12-18 13:09Multiple cross-site request forgery (CSRF) vulnerabilities in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) enable remote management via a request to remote_management.php, (2) add a port forwarding rule via a request to port_forwarding_add.php, (3) change the wireless network to open via a request to wireless_network_configuration_edit.php, or (4) conduct cross-site scripting (XSS) attacks via the keyword parameter to managed_sites_add_keyword.php. ARRIS Touchstone TG862G/CT Telephony Gateway Because the firmware of the default password of the administrator account password, there is a vulnerability to gain access.By a third party home_loggedout.php Access may be obtained through a request for. The ARRIS TG862G Route is a router. A cross-site request forgery vulnerability exists in the ARRIS TG862G Route due to a program failing to properly validate HTTP requests. Allow remote attackers to perform certain unauthorized operations. Other attacks are also possible. Arris TG862G running firmware version 7.6.59S.CT is vulnerable. Arris Touchstone TG862G/CT Telephony Gateway is a Modem (modem) router all-in-one machine produced by Arris Group Corporation of the United States
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201412-0521",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "touchstone tg862g/ct telephony gateway",
"scope": null,
"trust": 1.6,
"vendor": "arris group",
"version": null
},
{
"model": "touchstone tg862g/ct telephony gateway",
"scope": "lte",
"trust": 1.6,
"vendor": "arris group",
"version": "7.6.59s.ct"
},
{
"model": "touchstone tg862g\\/ct",
"scope": "lte",
"trust": 1.0,
"vendor": "arris",
"version": "7.6.59s.ct"
},
{
"model": "tg862g 7.6.59s.ct",
"scope": null,
"trust": 0.6,
"vendor": "arris group",
"version": null
},
{
"model": "touchstone tg862g\\/ct",
"scope": "eq",
"trust": 0.6,
"vendor": "arris",
"version": "7.6.59s.ct"
},
{
"model": "group touchstone tg862g/ct 7.6.59s.ct",
"scope": null,
"trust": 0.3,
"vendor": "arris",
"version": null
},
{
"model": "group touchstone tg862g/ct 7.6.86l.ct",
"scope": "ne",
"trust": 0.3,
"vendor": "arris",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-09002"
},
{
"db": "BID",
"id": "71699"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007277"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007295"
},
{
"db": "NVD",
"id": "CVE-2014-5437"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-391"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:arris:touchstone_tg862g\\/ct_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.6.59s.ct",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:arris:touchstone_tg862g\\/ct:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-5437"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Seth Art",
"sources": [
{
"db": "BID",
"id": "71699"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-391"
}
],
"trust": 0.9
},
"cve": "CVE-2014-5437",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2014-5437",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-5437",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "CNVD-2014-09002",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-73379",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-5437",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-5437",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2014-09002",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201412-391",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-73379",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-09002"
},
{
"db": "VULHUB",
"id": "VHN-73379"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007277"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007295"
},
{
"db": "NVD",
"id": "CVE-2014-5437"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-391"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site request forgery (CSRF) vulnerabilities in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) enable remote management via a request to remote_management.php, (2) add a port forwarding rule via a request to port_forwarding_add.php, (3) change the wireless network to open via a request to wireless_network_configuration_edit.php, or (4) conduct cross-site scripting (XSS) attacks via the keyword parameter to managed_sites_add_keyword.php. ARRIS Touchstone TG862G/CT Telephony Gateway Because the firmware of the default password of the administrator account password, there is a vulnerability to gain access.By a third party home_loggedout.php Access may be obtained through a request for. The ARRIS TG862G Route is a router. A cross-site request forgery vulnerability exists in the ARRIS TG862G Route due to a program failing to properly validate HTTP requests. Allow remote attackers to perform certain unauthorized operations. Other attacks are also possible. \nArris TG862G running firmware version 7.6.59S.CT is vulnerable. Arris Touchstone TG862G/CT Telephony Gateway is a Modem (modem) router all-in-one machine produced by Arris Group Corporation of the United States",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-5437"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007277"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007295"
},
{
"db": "CNVD",
"id": "CNVD-2014-09002"
},
{
"db": "BID",
"id": "71699"
},
{
"db": "VULHUB",
"id": "VHN-73379"
}
],
"trust": 3.24
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-73379",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-73379"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-5437",
"trust": 4.2
},
{
"db": "BID",
"id": "71699",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007277",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007295",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201412-391",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-09002",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "129600",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-73379",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-09002"
},
{
"db": "VULHUB",
"id": "VHN-73379"
},
{
"db": "BID",
"id": "71699"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007277"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007295"
},
{
"db": "NVD",
"id": "CVE-2014-5437"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-391"
}
]
},
"id": "VAR-201412-0521",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-09002"
},
{
"db": "VULHUB",
"id": "VHN-73379"
}
],
"trust": 1.34583335
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-09002"
}
]
},
"last_update_date": "2023-12-18T13:09:17.886000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Touchstone TG862G/CT Telephony Gateway",
"trust": 1.6,
"url": "https://www.arrisi.com/support/documentation/user_guides/_docs/tg862g-ct_user_guide_standard1-0.pdf"
},
{
"title": "Patch for ARRIS TG862G Route Cross-Site Request Forgery Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/52937"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-09002"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007277"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007295"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
},
{
"problemtype": "CWE-255",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-73379"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007277"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007295"
},
{
"db": "NVD",
"id": "CVE-2014-5437"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "http://seclists.org/fulldisclosure/2014/dec/57"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2014/dec/58"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/71699"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9406"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9406"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5437"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5437"
},
{
"trust": 0.3,
"url": "http://www.arrisi.com/support/documentation/user_guides/_docs/arris_router_setup_web_gui_ug.pdf"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-09002"
},
{
"db": "VULHUB",
"id": "VHN-73379"
},
{
"db": "BID",
"id": "71699"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007277"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007295"
},
{
"db": "NVD",
"id": "CVE-2014-5437"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-391"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-09002"
},
{
"db": "VULHUB",
"id": "VHN-73379"
},
{
"db": "BID",
"id": "71699"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007277"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007295"
},
{
"db": "NVD",
"id": "CVE-2014-5437"
},
{
"db": "CNNVD",
"id": "CNNVD-201412-391"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-09002"
},
{
"date": "2014-12-17T00:00:00",
"db": "VULHUB",
"id": "VHN-73379"
},
{
"date": "2014-12-15T00:00:00",
"db": "BID",
"id": "71699"
},
{
"date": "2014-12-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007277"
},
{
"date": "2014-12-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007295"
},
{
"date": "2014-12-17T18:59:00.067000",
"db": "NVD",
"id": "CVE-2014-5437"
},
{
"date": "2014-12-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-391"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-12-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-09002"
},
{
"date": "2014-12-18T00:00:00",
"db": "VULHUB",
"id": "VHN-73379"
},
{
"date": "2014-12-15T00:00:00",
"db": "BID",
"id": "71699"
},
{
"date": "2014-12-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007277"
},
{
"date": "2014-12-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007295"
},
{
"date": "2014-12-18T17:58:26.267000",
"db": "NVD",
"id": "CVE-2014-5437"
},
{
"date": "2014-12-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201412-391"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201412-391"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ARRIS Touchstone TG862G/CT Telephony Gateway Vulnerabilities in which access rights can be obtained in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007277"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201412-391"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…