CVE-2023-40039

moderate-risk
Published 2023-09-11

An issue was discovered on ARRIS TG852G, TG862G, and TG1672G devices. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame.

Do I need to act?

-
0.55% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (3)

Tg852G Firmware
Tg862G Firmware
Tg1672G Firmware

Affected Vendors

Arris

References (6)

Third Party Advisory https://github.com/actuator/cve/blob/main/Arris/CVE-2023-40039
Product https://i.ebayimg.com/images/g/-UcAAOSwDe1kyD-Z/s-l1600.png
Product https://i.ebayimg.com/images/g/4P0AAOSwdhxkrZtt/s-l1600.jpg
Third Party Advisory https://github.com/actuator/cve/blob/main/Arris/CVE-2023-40039
Product https://i.ebayimg.com/images/g/-UcAAOSwDe1kyD-Z/s-l1600.png
Product https://i.ebayimg.com/images/g/4P0AAOSwdhxkrZtt/s-l1600.jpg
43
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 2/34 · Minimal
Exposure 9/34 · Low