7.5

CVE-2020-9476

ARRIS TG1692A devices allow remote attackers to discover the administrator login name and password by reading the /login page and performing base64 decoding.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CommscopeArris Tg1692a Firmware Version9.1.103de2
   CommscopeArris Tg1692a Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.96% 0.569
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

https://arris.secure.force.com/consumers/ConsumerProductSupport
Vendor Advisory
https://medium.com/%40rsantos_14778/info-disclosure-cve-2020-9476-494a08298c6b