CVE-2014-4863

Published: Sep 5, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The Arris Touchstone DG950A cable modem with software 7.10.131 has an SNMP community of public, which allows remote attackers to obtain sensitive password, key, and SSID information via an SNMP request.

Affected (2)

Products: Arris: Touchstone Dg950a Software, Touchstone Dg950a

Arris

2 products

Touchstone Dg950a Software

Touchstone Dg950a

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Arris Touchstone Dg950a Software	Version 7.10.131
Arris Touchstone Dg950a	All versions

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

http://www.kb.cert.org/vuls/id/855836

Source: cret@cert.org

US Government Resource

https://community.rapid7.com/community/metasploit/blog/2014/08/21/more-snmp-information-leaks-cve-2014-4862-and-cve-2014-4863

Source: cret@cert.org

Exploit

http://www.kb.cert.org/vuls/id/855836

Source: af854a3a-2127-422b-91ae-364da2661108

US Government Resource

https://community.rapid7.com/community/metasploit/blog/2014/08/21/more-snmp-information-leaks-cve-2014-4862-and-cve-2014-4863

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.