Arbitrary Code Execution Vulnerability in Arris NVG443B Router
CVE-2024-41643

6.8MEDIUM

Key Information:

Vendor: Arris
Status: Arris NVG443B
Vendor: CVE Published:; 26 March 2025

What is CVE-2024-41643?

An identified security weakness in the Arris NVG443B router allows a physically proximate attacker to exploit the cshell login component, potentially enabling unauthorized execution of arbitrary code. This flaw exposes the device to serious risks, including unauthorized access and control over router functionalities, posing threats to connected devices and the network's integrity.

References

https://gavpherk.github.io/GavinKelsey/

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 26, 2025
Vulnerability Reserved
Jul 18, 2024