CVE-2019-15805: Weak Encryption
First published: Thu Aug 29 2019(Updated: )
CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/login.html. Any user connected to the Wi-Fi can exploit this.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Commscope Tr4400 Firmware | <=a1.00.004-180301 | |
| Commscope Tr4400 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2019-15805.
What is the severity of CVE-2019-15805?
The severity of CVE-2019-15805 is critical, with a severity value of 9.8.
What is the affected software?
The affected software is CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301.
How does the vulnerability CVE-2019-15805 allow an authentication bypass?
The vulnerability CVE-2019-15805 allows an authentication bypass by including the current base64 encoded password within the login page of the administrative interface.
Who can exploit the vulnerability CVE-2019-15805?
Any user connected to the Wi-Fi can exploit the vulnerability CVE-2019-15805.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/event
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/commscope
- canonical/commscope tr4400 firmware
- version/commscope tr4400 firmware/a1.00.004-180301
- canonical/commscope tr4400