CVE-2018-10989

MEDIUM

Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 - Info Disclosure

Title source: llm

Description

Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices are distributed by some ISPs with a default password of "password" for the admin account that is used over an unencrypted http://192.168.0.1 connection, which might allow remote attackers to bypass intended access restrictions by leveraging access to the local network. NOTE: one or more user's guides distributed by ISPs state "At a minimum, you should set a login password."

References (1)

[Various Sources] https://medium.com/%40AkshaySharmaUS/comcast-arris-touchstone-gateway-devices-are-vulnerable-heres-the-disclosure-7d603aa9342c

Scores

CVSS v3 6.6

EPSS 0.0036

EPSS Percentile 57.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-1188

Status published

Products (1)

commscope/arris_tg1682g_firmware 9.1.103j6

Published May 14, 2018

Tracked Since Feb 18, 2026