Remote Credential Exposure in ARRIS VAP2500 Product by ARRIS
CVE-2014-8425

Currently unrated

Key Information:

Vendor: Arris
Status: Vap2500 Firmware
Vendor: CVE Published:; 28 November 2014

What is CVE-2014-8425?

The ARRIS VAP2500 management portal prior to firmware version FW08.41 has a security vulnerability that allows remote attackers to access sensitive configuration files. Exploiting this vulnerability can lead to the unintended disclosure of user credentials, potentially compromising the security of the device and its network. It is crucial for users of the affected product to apply the latest firmware updates to mitigate these risks.

References

http://www.zerodayinitiative.com/advisories/ZDI-14-387/

x_refsource_MISC

EPSS Score

6% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 28, 2014
Vulnerability Reserved
Oct 22, 2014

Arris

What is CVE-2014-8425?

References

EPSS Score

Timeline