OpenCVE

Arris DG860A and DG1670A devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. (They use the first 6 characters of the SSID and the last 6 characters of the BSSID, decrementing the last digit.)

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Arris	Dg1670a Dg1670a Firmware Dg860a Dg860a Firmware

Configuration 1 [-]

AND

cpe:2.3:o:arris:dg860a_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:arris:dg860a:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:arris:dg1670a_firmware:ts0901203b6_020420_16xx.gw_pc20_tw:*:*:*:*:*:*:*

cpe:2.3:h:arris:dg1670a:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/actuator/cve/blob/main/Arris/CVE-2023-40038
https://i.ebayimg.com/images/g/ByAAAOSwQCFi2b50/s-l1600.jpg

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-12-27T00:00:00

Updated: 2024-08-02T18:24:54.678Z

Reserved: 2023-08-08T00:00:00

Link: CVE-2023-40038

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-12-27T20:15:19.230

Modified: 2024-11-21T08:18:34.460

Link: CVE-2023-40038

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arris:dg860a_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B0F8212-DAB2-4A13-9268-2201EF2AB1F3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arris:dg860a:-:*:*:*:*:*:*:*", "matchCriteriaId": "244A5CC6-DA00-4E1D-AECD-4E446E6FE9E8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:arris:dg1670a_firmware:ts0901203b6_020420_16xx.gw_pc20_tw:*:*:*:*:*:*:*", "matchCriteriaId": "CEC53589-0DA8-4342-B2FE-520B8D1CDF3A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:arris:dg1670a:-:*:*:*:*:*:*:*", "matchCriteriaId": "FD31D71D-6794-4497-ADB6-389BF0771147", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Arris DG860A and DG1670A devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. (They use the first 6 characters of the SSID and the last 6 characters of the BSSID, decrementing the last digit.)"}, {"lang": "es", "value": "Los dispositivos Arris DG860A y DG1670A tienen PSK WPA2 predeterminados predecibles que podr\u00edan provocar un acceso remoto no autorizado. (Usan los primeros 6 caracteres del SSID y los \u00faltimos 6 caracteres del BSSID, disminuyendo el \u00faltimo d\u00edgito)."}], "id": "CVE-2023-40038", "lastModified": "2024-11-21T08:18:34.460", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-27T20:15:19.230", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://github.com/actuator/cve/blob/main/Arris/CVE-2023-40038"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://i.ebayimg.com/images/g/ByAAAOSwQCFi2b50/s-l1600.jpg"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/actuator/cve/blob/main/Arris/CVE-2023-40038"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://i.ebayimg.com/images/g/ByAAAOSwQCFi2b50/s-l1600.jpg"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}