Strix
26.1K

CVE-2019-15806

UnknownEPSS 1.19%

Last modified

CVE-2019-15806 is a vulnerability of currently unknown severity. CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/basic_sett.html. Any user connected to the Wi-Fi can exploit this.. EPSS estimates a 1.19% chance of exploitation in the next 30 days.

Description

CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/basic_sett.html. Any user connected to the Wi-Fi can exploit this.

Metrics

EPSS Probability
1.19%

64.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
CommscopeTr4400 Firmware<= a1.00.004-180301

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2019-15806?
CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/basic_sett.html. Any user connected to the Wi-Fi can exploit this.
How severe is CVE-2019-15806?
Severity scoring for CVE-2019-15806 is pending analysis. The EPSS model estimates a 1.19% probability of exploitation in the next 30 days.
How do I fix CVE-2019-15806?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-15806?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST