Skip to main content

Inadequate Encryption Strength

CVE-2019-15805

Severity High
Score 9.8/10

Summary

CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/login.html. Any user connected to the Wi-Fi can exploit this.

  • LOW
  • NETWORK
  • HIGH
  • UNCHANGED
  • NONE
  • NONE
  • HIGH
  • HIGH

CWE-326 - Inadequate Encryption Strength

The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

References

Advisory Timeline

  • Published