CVE-2023-40039

CRITICAL

Arris Tg852g Firmware - Improper Access Control

Title source: rule

Description

An issue was discovered on ARRIS TG852G, TG862G, and TG1672G devices. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame.

References (3)

Core 3

Core References

Third Party Advisory

https://github.com/actuator/cve/blob/main/Arris/CVE-2023-40039

View Writeup ZIP pw:eip

Product

https://i.ebayimg.com/images/g/-UcAAOSwDe1kyD-Z/s-l1600.png

Product

https://i.ebayimg.com/images/g/4P0AAOSwdhxkrZtt/s-l1600.jpg

Scores

CVSS v3 9.8

EPSS 0.0055

EPSS Percentile 67.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-284

Status published

Products (3)

arris/tg1672g_firmware

arris/tg852g_firmware

arris/tg862g_firmware

Published Sep 11, 2023

Tracked Since Feb 18, 2026