Search
Find a vulnerability
Search criteria
4 vulnerabilities found for arris_surfboard_sb8200_firmware by commscope
CVE-2021-20119 (GCVE-0-2021-20119)
Vulnerability from nvd – Published: 2021-11-09 18:13 – Updated: 2024-08-03 17:30
VLAI
Summary
The password change utility for the Arris SurfBoard SB8200 can have safety measures bypassed that allow any logged-in user to change the administrator password.
Severity
No CVSS data available.
CWE
- Insecure Password Change Utility
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.tenable.com/security/research/tra-2021-49 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Arris SurfBoard SB8200 |
Affected:
Arris SurfBoard SB8200 AB01.02.053.01_112320_193.0A.NSH
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.568Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2021-49"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Arris SurfBoard SB8200",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Arris SurfBoard SB8200 AB01.02.053.01_112320_193.0A.NSH"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The password change utility for the Arris SurfBoard SB8200 can have safety measures bypassed that allow any logged-in user to change the administrator password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insecure Password Change Utility",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-09T18:13:22.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2021-49"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2021-20119",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Arris SurfBoard SB8200",
"version": {
"version_data": [
{
"version_value": "Arris SurfBoard SB8200 AB01.02.053.01_112320_193.0A.NSH"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The password change utility for the Arris SurfBoard SB8200 can have safety measures bypassed that allow any logged-in user to change the administrator password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure Password Change Utility"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2021-49",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2021-49"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2021-20119",
"datePublished": "2021-11-09T18:13:22.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:30:07.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20120 (GCVE-0-2021-20120)
Vulnerability from nvd – Published: 2021-10-21 16:27 – Updated: 2024-08-03 17:30
VLAI
Summary
The administration web interface for the Arris Surfboard SB8200 lacks any protections against cross-site request forgery attacks. This means that an attacker could make configuration changes (such as changing the administrative password) without the consent of the user.
Severity
No CVSS data available.
CWE
- Cross Site Request Forgery
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.tenable.com/security/research/tra-2021-45 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Arris SurfBoard SB8200 |
Affected:
AB01.02.053.01_112320_193.0A.NSH
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.478Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2021-45"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Arris SurfBoard SB8200",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "AB01.02.053.01_112320_193.0A.NSH"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The administration web interface for the Arris Surfboard SB8200 lacks any protections against cross-site request forgery attacks. This means that an attacker could make configuration changes (such as changing the administrative password) without the consent of the user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross Site Request Forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-21T16:27:20.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2021-45"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2021-20120",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Arris SurfBoard SB8200",
"version": {
"version_data": [
{
"version_value": "AB01.02.053.01_112320_193.0A.NSH"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The administration web interface for the Arris Surfboard SB8200 lacks any protections against cross-site request forgery attacks. This means that an attacker could make configuration changes (such as changing the administrative password) without the consent of the user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Request Forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2021-45",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2021-45"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2021-20120",
"datePublished": "2021-10-21T16:27:20.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:30:07.478Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20119 (GCVE-0-2021-20119)
Vulnerability from cvelistv5 – Published: 2021-11-09 18:13 – Updated: 2024-08-03 17:30
VLAI
Summary
The password change utility for the Arris SurfBoard SB8200 can have safety measures bypassed that allow any logged-in user to change the administrator password.
Severity
No CVSS data available.
CWE
- Insecure Password Change Utility
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.tenable.com/security/research/tra-2021-49 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Arris SurfBoard SB8200 |
Affected:
Arris SurfBoard SB8200 AB01.02.053.01_112320_193.0A.NSH
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.568Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2021-49"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Arris SurfBoard SB8200",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Arris SurfBoard SB8200 AB01.02.053.01_112320_193.0A.NSH"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The password change utility for the Arris SurfBoard SB8200 can have safety measures bypassed that allow any logged-in user to change the administrator password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Insecure Password Change Utility",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-09T18:13:22.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2021-49"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2021-20119",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Arris SurfBoard SB8200",
"version": {
"version_data": [
{
"version_value": "Arris SurfBoard SB8200 AB01.02.053.01_112320_193.0A.NSH"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The password change utility for the Arris SurfBoard SB8200 can have safety measures bypassed that allow any logged-in user to change the administrator password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure Password Change Utility"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2021-49",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2021-49"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2021-20119",
"datePublished": "2021-11-09T18:13:22.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:30:07.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-20120 (GCVE-0-2021-20120)
Vulnerability from cvelistv5 – Published: 2021-10-21 16:27 – Updated: 2024-08-03 17:30
VLAI
Summary
The administration web interface for the Arris Surfboard SB8200 lacks any protections against cross-site request forgery attacks. This means that an attacker could make configuration changes (such as changing the administrative password) without the consent of the user.
Severity
No CVSS data available.
CWE
- Cross Site Request Forgery
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.tenable.com/security/research/tra-2021-45 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Arris SurfBoard SB8200 |
Affected:
AB01.02.053.01_112320_193.0A.NSH
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:30:07.478Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2021-45"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Arris SurfBoard SB8200",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "AB01.02.053.01_112320_193.0A.NSH"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The administration web interface for the Arris Surfboard SB8200 lacks any protections against cross-site request forgery attacks. This means that an attacker could make configuration changes (such as changing the administrative password) without the consent of the user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross Site Request Forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-21T16:27:20.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2021-45"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2021-20120",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Arris SurfBoard SB8200",
"version": {
"version_data": [
{
"version_value": "AB01.02.053.01_112320_193.0A.NSH"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The administration web interface for the Arris Surfboard SB8200 lacks any protections against cross-site request forgery attacks. This means that an attacker could make configuration changes (such as changing the administrative password) without the consent of the user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Request Forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2021-45",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2021-45"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2021-20120",
"datePublished": "2021-10-21T16:27:20.000Z",
"dateReserved": "2020-12-17T00:00:00.000Z",
"dateUpdated": "2024-08-03T17:30:07.478Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}