Vulnerability Details CVE-2019-15805
CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/login.html. Any user connected to the Wi-Fi can exploit this.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 47.1%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://medium.com/%40v.roberthoutenbrink/commscope-vulnerability-authentication-bypass-in-arris-tr4400-firmware-version-a1-00-004-180301-4a90aa8e7570
- https://medium.com/%40v.roberthoutenbrink/commscope-vulnerability-authentication-bypass-in-arris-tr4400-firmware-version-a1-00-004-180301-4a90aa8e7570
Products affected by CVE-2019-15805
-
cpe:2.3:h:commscope:tr4400:-
-
cpe:2.3:o:commscope:tr4400_firmware:-
-
cpe:2.3:o:commscope:tr4400_firmware:a1.00.004-180301