Command Injection Vulnerability in Arris Routers
CVE-2022-26994
9.8CRITICAL
What is CVE-2022-26994?
Arris routers, specifically models SBR-AC1900P, SBR-AC3200P, and SBR-AC1200P, have a critical command injection vulnerability arising from insecure handling of user inputs in the pptp function. This issue occurs via the pptpUserName and pptpPassword parameters, allowing attackers to send specially crafted requests that can execute arbitrary commands on the router. As a result, this could lead to unauthorized access or compromise of the router's functionality.
