GCVE - cpe:2.3:h:arris:dg860a:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:h:arris:dg860a:*:*:*:*:*:*:*:*

part: h version: * update: *

Vendor	Arris (`290db500-1f7c-5464-99cb-40c6b5ca6750`)
Product	Dg860A (`d8f2640d-4b7f-59b6-a6ea-4848ccd5eafc`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2015-7291`	not_vulnerable	2026-06-03 14:35:08.325727	Details available Cross-site request forgery (CSRF) vulnerability in adv_pwd_cgi in the web management interface on Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 allows remote attackers to hijack the authentication of arbitrary users. Published: 2015-11-21T11:00:00.000Z Updated: 2024-08-06T07:43:46.163Z Open on db.gcve.eu Reference links http://www.kb.cert.org/vuls/id/419568	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-7290`	not_vulnerable	2026-06-03 14:35:08.325268	Details available Cross-site scripting (XSS) vulnerability in adv_pwd_cgi in the web management interface on Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 allows remote attackers to inject arbitrary web script or HTML via the pwd parameter. Published: 2015-11-21T11:00:00.000Z Updated: 2024-08-06T07:43:46.100Z Open on db.gcve.eu Reference links http://www.kb.cert.org/vuls/id/419568	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-7289`	not_vulnerable	2026-06-03 14:35:08.321652	Details available Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 have a hardcoded administrator password derived from a serial number, which makes it easier for remote attackers to obtain access via the web management interface, SSH, TELNET, or SNMP. Published: 2015-11-21T11:00:00.000Z Updated: 2024-08-06T07:43:46.130Z Open on db.gcve.eu Reference links http://www.kb.cert.org/vuls/id/419568	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-5149`	not_vulnerable	2026-06-03 14:30:01.445101	Details available Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 have predictable technician passwords, which makes it easier for remote attackers to obtain access via the web management interface, related to a "password of the day" issue. Published: 2015-11-21T11:00:00.000Z Updated: 2024-08-07T07:32:22.961Z Open on db.gcve.eu Reference links http://www.borfast.com/projects/arris-password-of-the-day-generator/ http://www.kb.cert.org/vuls/id/419568 https://github.com/borfast/arrispwgen https://play.google.com/store/apps/details?id=me.harrygonzalez.arrispod	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.