Command Injection Vulnerability in Arris Routers
CVE-2022-26991
9.8CRITICAL
What is CVE-2022-26991?
A command injection vulnerability exists in Arris routers, specifically in the ntp function when processing the TimeZone parameter. This flaw enables attackers to send specially crafted requests, potentially executing arbitrary commands on the affected devices. Models SBR-AC1900P, SBR-AC3200P, and SBR-AC1200P in specified versions are impacted, raising significant security concerns for users relying on these routers.
