Vulnerabilities
Vulnerable Software
Commscope:  Security Vulnerabilities
Arris TR3300 v1.0.13 were discovered to contain a command injection vulnerability in the dhcp function via the hostname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS Score
9.8
EPSS Score
0.035
Published
2022-03-15
Arris TR3300 v1.0.13 were discovered to contain a command injection vulnerability in the ddns function via the ddns_name, ddns_pwd, h_ddns、ddns_host parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS Score
9.8
EPSS Score
0.061
Published
2022-03-15
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pptp (wan_pptp.html) function via the pptp_fix_ip, pptp_fix_mask, pptp_fix_gw, and wan_dns1_stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
CVSS Score
9.8
EPSS Score
0.029
Published
2022-03-15
CommScope SURFboard SBG6950AC2 9.1.103AA23 devices allow Command Injection.
CVSS Score
8.8
EPSS Score
0.007
Published
2022-02-15
The password change utility for the Arris SurfBoard SB8200 can have safety measures bypassed that allow any logged-in user to change the administrator password.
CVSS Score
7.1
EPSS Score
0.004
Published
2021-11-09
The administration web interface for the Arris Surfboard SB8200 lacks any protections against cross-site request forgery attacks. This means that an attacker could make configuration changes (such as changing the administrative password) without the consent of the user.
CVSS Score
8.8
EPSS Score
0.005
Published
2021-10-21
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. The Web Application allows Arbitrary Read/Write actions by authenticated users. The API allows an HTTP POST of arbitrary content into any file on the filesystem as root.
CVSS Score
8.8
EPSS Score
0.014
Published
2021-07-07
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access.
CVSS Score
9.8
EPSS Score
0.023
Published
2021-07-07
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded Web Application Administrator Passwords for the admin and nplus1user accounts.
CVSS Score
9.8
EPSS Score
0.021
Published
2021-07-07
An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Hard-coded API Keys exist.
CVSS Score
7.8
EPSS Score
0.003
Published
2021-07-07


Contact Us

Shodan ® - All rights reserved