Command Injection Vulnerability in Arris VAP2500
CVE-2024-5194
Currently unrated
What is CVE-2024-5194?
A critical command injection vulnerability exists in the Arris VAP2500 device, specifically affecting version 08.50. The weakness is found in the handling of input parameters within the /assoc_table.php script, where manipulation of the 'id' argument can lead to arbitrary command execution. This vulnerability can be exploited remotely, making it particularly dangerous as attackers can gain unauthorized access and control of affected devices without the need for physical presence. The exploit has been publicly disclosed, which increases the risk of widespread attacks. Organizations using the Arris VAP2500 should take immediate action to mitigate potential threats.
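A defender can check web or proxy access logs for requests to /assoc_table.php whose 'id' value does not look like a plain identifier. The following is an added example, not code from the advisory or the vendor. It assumes combined-format access logs, that 'id' appears in the query string, and that legitimate values match a simple allowlist (the pattern, function names and sample lines are constructed for illustration).

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: a legitimate 'id' is a short token of letters, digits and a few
# separators. Adjust this allowlist to what the device really sends.
SAFE_ID = re.compile(r"[A-Za-z0-9_.:-]{1,64}")

# Request line as it appears in common/combined access log format.
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def suspicious_id_values(line):
    """Return 'id' values sent to /assoc_table.php that fail the allowlist."""
    m = REQUEST.search(line)
    if not m:
        return []
    parts = urlsplit(m.group("target"))
    if parts.path.rstrip("/").lower() != "/assoc_table.php":
        return []
    # parse_qsl percent-decodes, so encoded metacharacters are checked in clear.
    params = parse_qsl(parts.query, keep_blank_values=True)
    return [v for k, v in params if k == "id" and not SAFE_ID.fullmatch(v)]

def scan(lines):
    """Return (line_number, source_ip, bad_values) for each flagged log line."""
    hits = []
    for n, line in enumerate(lines, 1):
        bad = suspicious_id_values(line)
        if bad:
            hits.append((n, line.split(" ", 1)[0], bad))
    return hits

# Constructed sample log lines (documentation IP ranges, not captured traffic).
SAMPLE = [
    '192.0.2.10 - - [01/Jun/2024:10:00:00 +0000] "GET /assoc_table.php?id=1 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jun/2024:10:00:05 +0000] "GET /assoc_table.php?id=1%3BPLACEHOLDER HTTP/1.1" 200 0',
    '192.0.2.10 - - [01/Jun/2024:10:00:09 +0000] "GET /index.php?id=1%3BPLACEHOLDER HTTP/1.1" 200 90',
    '203.0.113.5 - - [01/Jun/2024:10:00:12 +0000] "GET /assoc_table.php?q=2&id=a%7CPLACEHOLDER HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for lineno, src, values in scan(SAMPLE):
        print(f"line {lineno}: {src} sent non-allowlisted id value(s) {values}")
```

Requests that carry 'id' in a POST body do not show up in standard access logs, so this check needs body logging or a reverse proxy rule to cover them.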