Sign-up

ID

VAR-201412-0522


CVE

CVE-2014-5438


TITLE

ARRIS Touchstone TG862G/CT Telephony Gateway Firmware cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2014-007278

DESCRIPTION

Cross-site scripting (XSS) vulnerability in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allows remote authenticated users to inject arbitrary web script or HTML via the computer_name parameter to connected_devices_computers_edit.php. The ARRIS TG862G Route is a router. Arris TG862G is prone to an HTML-injection vulnerability and a cross-site scripting vulnerability. Other attacks are also possible. Arris Touchstone TG862G/CT Telephony Gateway is a Modem (modem) router all-in-one machine produced by Arris Group Corporation of the United States. The vulnerability is caused by the connected_devices_computers_edit.php script not adequately filtering the 'computer_name' parameter

Trust: 2.52

sources: NVD: CVE-2014-5438 // JVNDB: JVNDB-2014-007278 // CNVD: CNVD-2014-09020 // BID: 71703 // VULHUB: VHN-73380

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-09020

AFFECTED PRODUCTS

vendor:arrismodel:touchstone tg862g\/ctscope:lteversion:7.6.59s.ct

Trust: 1.0

vendor:arris groupmodel:touchstone tg862g/ct telephony gatewayscope: - version: -

Trust: 0.8

vendor:arris groupmodel:touchstone tg862g/ct telephony gatewayscope:lteversion:7.6.59s.ct

Trust: 0.8

vendor:arris groupmodel:tg862g 7.6.59s.ctscope: - version: -

Trust: 0.6

vendor:arrismodel:touchstone tg862g\/ctscope:eqversion:7.6.59s.ct

Trust: 0.6

vendor:arrismodel:group touchstone tg862g/ct 7.6.59s.ctscope: - version: -

Trust: 0.3

vendor:arrismodel:group touchstone tg862g/ct 7.6.86l.ctscope:neversion: -

Trust: 0.3

sources: CNVD: CNVD-2014-09020 // BID: 71703 // JVNDB: JVNDB-2014-007278 // CNNVD: CNNVD-201412-390 // NVD: CVE-2014-5438

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-5438
value: LOW

Trust: 1.0

NVD: CVE-2014-5438
value: LOW

Trust: 0.8

CNVD: CNVD-2014-09020
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201412-390
value: LOW

Trust: 0.6

VULHUB: VHN-73380
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2014-5438
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-09020
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-73380
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-09020 // VULHUB: VHN-73380 // JVNDB: JVNDB-2014-007278 // CNNVD: CNNVD-201412-390 // NVD: CVE-2014-5438

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-73380 // JVNDB: JVNDB-2014-007278 // NVD: CVE-2014-5438

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201412-390

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201412-390

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-007278

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-73380

PATCH
title:Touchstone TG862G/CT Telephony Gatewayurl:https://www.arrisi.com/support/documentation/user_guides/_docs/TG862G-CT_User_Guide_Standard1-0.pdf
Trust: 0.8
title:ARRIS TG862G has multiple vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/52972
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2014-09020 // 
            
            
            
            JVNDB: JVNDB-2014-007278

EXTERNAL IDS
db:NVDid:CVE-2014-5438
Trust: 3.4
db:BIDid:71703
Trust: 1.6
db:JVNDBid:JVNDB-2014-007278
Trust: 0.8
db:CNNVDid:CNNVD-201412-390
Trust: 0.7
db:CNVDid:CNVD-2014-09020
Trust: 0.6
db:PACKETSTORMid:129601
Trust: 0.1
db:VULHUBid:VHN-73380
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2014-09020 // 
            
            
            
            VULHUB: VHN-73380 // 
            
            
            
            BID: 71703 // 
            
            
            
            JVNDB: JVNDB-2014-007278 // 
            
            
            
            CNNVD: CNNVD-201412-390 // 
            
            
            
            NVD: CVE-2014-5438

REFERENCES
url:http://seclists.org/fulldisclosure/2014/dec/58
Trust: 2.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-5438
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-5438
Trust: 0.8
url:http://www.securityfocus.com/bid/71703/info
Trust: 0.6
url:http://www.securityfocus.com/bid/71703
Trust: 0.6
url:http://www.arrisi.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2014-09020 // 
            
            
            
            VULHUB: VHN-73380 // 
            
            
            
            BID: 71703 // 
            
            
            
            JVNDB: JVNDB-2014-007278 // 
            
            
            
            CNNVD: CNNVD-201412-390 // 
            
            
            
            NVD: CVE-2014-5438

CREDITS
Seth Art
Trust: 0.9
sources:
            
            
            BID: 71703 // 
            
            
            
            CNNVD: CNNVD-201412-390

SOURCES
db:CNVDid:CNVD-2014-09020
db:VULHUBid:VHN-73380
db:BIDid:71703
db:JVNDBid:JVNDB-2014-007278
db:CNNVDid:CNNVD-201412-390
db:NVDid:CVE-2014-5438

LAST UPDATE DATE
2025-04-12T23:31:28.718000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2014-09020date:2014-12-19T00:00:00
db:VULHUBid:VHN-73380date:2014-12-18T00:00:00
db:BIDid:71703date:2014-12-15T00:00:00
db:JVNDBid:JVNDB-2014-007278date:2014-12-19T00:00:00
db:CNNVDid:CNNVD-201412-390date:2014-12-19T00:00:00
db:NVDid:CVE-2014-5438date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CNVDid:CNVD-2014-09020date:2014-12-19T00:00:00
db:VULHUBid:VHN-73380date:2014-12-17T00:00:00
db:BIDid:71703date:2014-12-15T00:00:00
db:JVNDBid:JVNDB-2014-007278date:2014-12-19T00:00:00
db:CNNVDid:CNNVD-201412-390date:2014-12-18T00:00:00
db:NVDid:CVE-2014-5438date:2014-12-17T18:59:01.300