The Ice Faces servlet in ag_server_service.exe in the AggreGate Server Service in Tibbo AggreGate before 5.30.06 allows remote attackers to upload and execute arbitrary Java code via a crafted XML. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.
Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 have a hardcoded administrator password derived from a serial number, which makes it easier for. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.