Sign-up

ID

VAR-202312-2782


CVE

CVE-2023-40038


DESCRIPTION

Arris DG860A and DG1670A devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. (They use the first 6 characters of the SSID and the last 6 characters of the BSSID, decrementing the last digit.)

Trust: 1.0

sources: NVD: CVE-2023-40038

AFFECTED PRODUCTS

vendor:arrismodel:dg860ascope:eqversion: -

Trust: 1.0

vendor:arrismodel:dg1670ascope:eqversion:ts0901203b6_020420_16xx.gw_pc20_tw

Trust: 1.0

sources: NVD: CVE-2023-40038

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-40038
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2023-40038
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: NVD: CVE-2023-40038

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.0

sources: NVD: CVE-2023-40038

EXTERNAL IDS

db:NVDid:CVE-2023-40038

Trust: 1.0

sources: NVD: CVE-2023-40038

REFERENCES

url:https://github.com/actuator/cve/blob/main/arris/cve-2023-40038

Trust: 1.0

url:https://i.ebayimg.com/images/g/byaaaoswqcfi2b50/s-l1600.jpg

Trust: 1.0

sources: NVD: CVE-2023-40038

SOURCES

db:NVDid:CVE-2023-40038

LAST UPDATE DATE

2024-08-14T14:30:05.852000+00:00


SOURCES UPDATE DATE

db:NVDid:CVE-2023-40038date:2024-01-04T16:18:01.263

SOURCES RELEASE DATE

db:NVDid:CVE-2023-40038date:2023-12-27T20:15:19.230