CVE-2014-4863: Infoleak
First published: Fri Sep 05 2014(Updated: )
The Arris Touchstone DG950A cable modem with software 7.10.131 has an SNMP community of public, which allows remote attackers to obtain sensitive password, key, and SSID information via an SNMP request.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Arris Touchstone Dg950a Software | =7.10.131 | |
| Arris Touchstone DG950A |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-4863?
CVE-2014-4863 is considered a medium severity vulnerability because it exposes sensitive information via SNMP.
How do I fix CVE-2014-4863?
To fix CVE-2014-4863, change the SNMP community string from 'public' to a more secure value.
Who is affected by CVE-2014-4863?
CVE-2014-4863 affects users of the Arris Touchstone DG950A cable modem running software version 7.10.131.
What type of attack does CVE-2014-4863 enable?
CVE-2014-4863 enables remote attackers to retrieve sensitive data like passwords and SSIDs through SNMP requests.
Is CVE-2014-4863 actively exploited?
There have been reports of active exploitation attempts against devices vulnerable to CVE-2014-4863.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- agent/source
- vendor/arris
- canonical/arris touchstone dg950a software
- version/arris touchstone dg950a software/7.10.131
- canonical/arris touchstone dg950a