- Description
- Arris DG860A and DG1670A devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. (They use the first 6 characters of the SSID and the last 6 characters of the BSSID, decrementing the last digit.)
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- nvd@nist.gov
- CWE-287
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arris:dg860a_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2B0F8212-DAB2-4A13-9268-2201EF2AB1F3"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arris:dg860a:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "244A5CC6-DA00-4E1D-AECD-4E446E6FE9E8"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arris:dg1670a_firmware:ts0901203b6_020420_16xx.gw_pc20_tw:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CEC53589-0DA8-4342-B2FE-520B8D1CDF3A"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arris:dg1670a:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "FD31D71D-6794-4497-ADB6-389BF0771147"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]