First published: Tue Nov 09 2021
The safety measures in the password change utility for the Arris SurfBoard SB8200 can be bypassed, allowing any logged-in user to change the administrator password.
Credit: vulnreport@tenable.com
Affected Software | Affected Version | How to fix |
---|---|---|
Commscope Arris Surfboard Sb8200 Firmware | =ab01.02.053.01_112320_193.0a.nsh | |
Commscope Arris Surfboard Sb8200 | | |
CVE-2021-20119 is a vulnerability that allows any logged-in user to change the administrator password of the Arris SurfBoard SB8200.
The severity of CVE-2021-20119 is high with a CVSS score of 7.1.
The vulnerability in CVE-2021-20119 allows any logged-in user to bypass the safety measures implemented in the password change utility of the Arris SurfBoard SB8200.
The Commscope Arris Surfboard Sb8200 firmware version ab01.02.053.01_112320_193.0a.nsh is affected by CVE-2021-20119.
To mitigate CVE-2021-20119, it is recommended to update the firmware of the Arris SurfBoard SB8200 to a non-vulnerable version and restrict access to the password change utility.