CVE-2009-5149

Name: CVE-2009-5149
Creator: NVD / NIST
Published: 2015-11-21T11:59:00.123+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 2.48%

Last modified Jun 16, 2026

CVE-2009-5149 is a vulnerability of currently unknown severity. Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 have predictable technician passwords, which makes it easier for remote attackers to obtain access via the web management interface, related to a "password of the day" issue.. EPSS estimates a 2.48% chance of exploitation in the next 30 days.

Description

Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 have predictable technician passwords, which makes it easier for remote attackers to obtain access via the web management interface, related to a "password of the day" issue.

Metrics

EPSS Probability

2.48%

82.5th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-255

Affected Software

Vendor	Product	Versions
Arris	Na Model 862 Gw Mono Firmware	ts070593c_073013
Arris	Na Model 862 Gw Mono Firmware	ts0703128_100611
Arris	Na Model 862 Gw Mono Firmware	ts0703135_112211
Arris	Na Model 862 Gw Mono Firmware	ts0705125_062314
Arris	Na Model 862 Gw Mono Firmware	ts0705125d_031115

References

http://www.borfast.com/projects/arris-password-of-the-day-generator/Exploit
http://www.kb.cert.org/vuls/id/419568Third Party Advisory, US Government Resource
https://github.com/borfast/arrispwgenExploit
https://play.google.com/store/apps/details?id=me.harrygonzalez.arrispodPatch
http://www.borfast.com/projects/arris-password-of-the-day-generator/Exploit
http://www.kb.cert.org/vuls/id/419568Third Party Advisory, US Government Resource
https://github.com/borfast/arrispwgenExploit
https://play.google.com/store/apps/details?id=me.harrygonzalez.arrispodPatch

Timeline

Published: Nov 21, 2015
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2009-5149?

How severe is CVE-2009-5149?

Severity scoring for CVE-2009-5149 is pending analysis. The EPSS model estimates a 2.48% probability of exploitation in the next 30 days.

How do I fix CVE-2009-5149?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2009-5149?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST