CVE-2019-15805

CVE Database · CVE-2019-15805

CVE-2019-15805

· N/AModified

CVSS v3.1

N/A

EPSS

1.19%

Published

Aug 29, 2019

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/login.html. Any user connected to the Wi-Fi can exploit this.

Weaknesses (CWE)

CWE-326

Affected Products (2)

commscope · tr4400_firmwarevulnerable

commscope · tr4400

References (2)

https://medium.com/%40v.roberthoutenbrink/commscope-vulnerability-authentication-bypass-in-arris-tr4400-firmware-version-a1-00-004-180301-4a90aa8e7570

KEV Catalog EPSS Scores Vendors All CVEs