Details of VAR-201412-0101

ID

VAR-201412-0101

CVE

CVE-2014-9406

TITLE

ARRIS Touchstone TG862G/CT Telephony Gateway Vulnerabilities in which access rights can be obtained in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2014-007277

DESCRIPTION

ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier has a default password of password for the admin account, which makes it easier for remote attackers to obtain access via a request to home_loggedout.php. ARRIS Touchstone TG862G/CT Telephony Gateway is a Modem (Modem) router integrated machine from Arris Group of the United States. Touchstone Tg862g%2Fct Firmware is prone to a remote security vulnerability. A remote attacker could exploit this vulnerability by sending a request to the home_loggedout.php script to gain access

Trust: 2.52

sources: NVD: CVE-2014-9406 // JVNDB: JVNDB-2014-007277 // CNVD: CNVD-2014-09154 // BID: 77757 // VULHUB: VHN-77351

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-09154

AFFECTED PRODUCTS

vendor:	arris	model:	touchstone tg862g\/ct	scope:	eq	version:	7.6.59s.ct	Trust: 1.6
vendor:	arris group	model:	touchstone tg862g/ct telephony gateway	scope:	-	version:	-	Trust: 0.8
vendor:	arris group	model:	touchstone tg862g/ct telephony gateway	scope:	lte	version:	7.6.59s.ct	Trust: 0.8
vendor:	arris group	model:	touchstone tg862g/ct telephony gateway <=7.6.59s.ct	scope:	-	version:	-	Trust: 0.6
vendor:	arris	model:	touchstone tg862g%2fct 7.6.59s.ct	scope:	-	version:	-	Trust: 0.3

sources: CNVD: CNVD-2014-09154 // BID: 77757 // JVNDB: JVNDB-2014-007277 // CNNVD: CNNVD-201412-399 // NVD: CVE-2014-9406

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-9406
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-9406
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2014-09154
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201412-399
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-77351
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-9406
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-09154
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-77351
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-09154 // VULHUB: VHN-77351 // JVNDB: JVNDB-2014-007277 // CNNVD: CNNVD-201412-399 // NVD: CVE-2014-9406

PROBLEMTYPE DATA

problemtype:

CWE-255

Trust: 1.9

sources: VULHUB: VHN-77351 // JVNDB: JVNDB-2014-007277 // NVD: CVE-2014-9406

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201412-399

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201412-399

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-007277

PATCH

title:

Touchstone TG862G/CT Telephony Gateway

url:

https://www.arrisi.com/support/documentation/user_guides/_docs/TG862G-CT_User_Guide_Standard1-0.pdf

Trust: 0.8

sources: JVNDB: JVNDB-2014-007277

EXTERNAL IDS

db:	NVD	id:	CVE-2014-9406	Trust: 3.4
db:	JVNDB	id:	JVNDB-2014-007277	Trust: 0.8
db:	CNNVD	id:	CNNVD-201412-399	Trust: 0.7
db:	CNVD	id:	CNVD-2014-09154	Trust: 0.6
db:	BID	id:	77757	Trust: 0.4
db:	VULHUB	id:	VHN-77351	Trust: 0.1

sources: CNVD: CNVD-2014-09154 // VULHUB: VHN-77351 // BID: 77757 // JVNDB: JVNDB-2014-007277 // CNNVD: CNNVD-201412-399 // NVD: CVE-2014-9406

REFERENCES

url:	http://seclists.org/fulldisclosure/2014/dec/57	Trust: 2.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9406	Trust: 1.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9406	Trust: 0.8

sources: CNVD: CNVD-2014-09154 // VULHUB: VHN-77351 // BID: 77757 // JVNDB: JVNDB-2014-007277 // CNNVD: CNNVD-201412-399 // NVD: CVE-2014-9406

CREDITS

Unknown

Trust: 0.3

sources: BID: 77757

SOURCES

db:	CNVD	id:	CNVD-2014-09154
db:	VULHUB	id:	VHN-77351
db:	BID	id:	77757
db:	JVNDB	id:	JVNDB-2014-007277
db:	CNNVD	id:	CNNVD-201412-399
db:	NVD	id:	CVE-2014-9406

LAST UPDATE DATE

2025-04-12T23:04:53.437000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-09154	date:	2014-12-26T00:00:00
db:	VULHUB	id:	VHN-77351	date:	2014-12-18T00:00:00
db:	BID	id:	77757	date:	2014-12-18T00:00:00
db:	JVNDB	id:	JVNDB-2014-007277	date:	2014-12-19T00:00:00
db:	CNNVD	id:	CNNVD-201412-399	date:	2014-12-19T00:00:00
db:	NVD	id:	CVE-2014-9406	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-09154	date:	2014-12-29T00:00:00
db:	VULHUB	id:	VHN-77351	date:	2014-12-18T00:00:00
db:	BID	id:	77757	date:	2014-12-18T00:00:00
db:	JVNDB	id:	JVNDB-2014-007277	date:	2014-12-19T00:00:00
db:	CNNVD	id:	CNNVD-201412-399	date:	2014-12-19T00:00:00
db:	NVD	id:	CVE-2014-9406	date:	2014-12-18T15:59:03.913