Command Injection Vulnerability in Arris Routers
CVE-2022-26992

9.8CRITICAL

Key Information:

Vendor

Arris

Status
Sbr-ac1900p Firmware
Vendor
CVE Published:
15 March 2022

What is CVE-2022-26992?

A command injection flaw in specific Arris routers enables malicious actors to execute arbitrary commands using crafted requests. This vulnerability is present in the Dynamic Domain Name System (DDNS) functionality, particularly through the DdnsUserName, DdnsHostName, and DdnsPassword parameters, which may be exploited if not properly secured.

References

https://github.com/wudipjq/my_vuln/blob/main/ARRIS/vuln_3...
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.