Authentication Bypass Vulnerability in ARRIS VAP2500
CVE-2014-8424

Currently unrated

Key Information:

Vendor

Arris

Status
Vap2500 Firmware
Vendor
CVE Published:
28 November 2014

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 46%

What is CVE-2014-8424?

The ARRIS VAP2500, prior to firmware version FW08.41, contains an authentication bypass vulnerability due to improper password validation. This flaw enables remote attackers to gain unauthorized access by circumventing the authentication mechanism, potentially compromising network integrity and exposing sensitive information.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Metasploit exploit module for CVE-2014-8424
Created by Rapid7

References

http://www.zerodayinitiative.com/advisories/ZDI-14-388/
x_refsource_MISC

EPSS Score

46% chance of being exploited in the next 30 days.

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.