CRITICAL🇵🇱 Wersja polska

CVE-2019-15806

CVSS 9.8v3.0pub. 2019-08-29upd. 2024-11-21

CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/basic_sett.html. Any user connected to the Wi-Fi can exploit this.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Commscope Tr4400

    HW
    Commscope
    wszystkie wersje
  • Commscope Tr4400 Firmware

    OS
    Commscope
    ≤ a1.00.004-180301
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2019-15805CRITICAL9.8ten sam produkt

CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypa...

CVE-2023-25717CRITICAL9.8⚠ KEVten sam vendor

Ruckus Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as de...

CVE-2025-67305CRITICAL9.8PL ✓ten sam vendor

Hardcoded SSH keys w Commscope RUCKUS Network Director (RCE)

CVE-2025-67304CRITICAL9.8PL ✓ten sam vendor

Hardcoded credentials w Ruckus Network Director — dostęp do PostgreSQL i RCE

CVE-2025-44961CRITICAL9.9PL ✓ten sam vendor

Command injection w RUCKUS SmartZone przez pole adresu IP