CVE-2023-40038
Severity: HIGH
WAF: Low
CVSS 8.8
Published: 2023-12-27
CWE-287
Arris DG860A and DG1670A devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. (They use the first 6 characters of the SSID and the last 6 characters of the BSSID, decrementing the last digit.)
WAF Coverage Analysis
Improper Authentication
Low WAF Coverage
OWASP: A07:2021 Identification and Authentication Failures
Affected Software
| Vendor | Product | Version |
|---|---|---|
| arris | dg860a_firmware | - |
| arris | dg1670a_firmware | ts0901203b6_020420_16xx.gw_pc20_tw |
References
- github.com (Third Party Advisory)
- i.ebayimg.com (Product)