Command Injection Vulnerability in Arris Routers
CVE-2022-26993
9.8CRITICAL
What is CVE-2022-26993?
Several Arris routers, including models SBR-AC1900P, SBR-AC3200P, and SBR-AC1200P, have been found to possess a command injection vulnerability. This security flaw occurs in the PPPoE functionality, allowing attackers to manipulate the pppoeUserName, pppoePassword, and pppoe_Service parameters to run arbitrary commands through specially crafted requests. This vulnerability poses significant risks to network integrity and user data security.
