Remote Command Injection Vulnerability in Arris VAP2500
CVE-2024-5195

Currently unrated

Key Information:

Vendor: Arris
Vendor: CVE Published:; 22 May 2024

What is CVE-2024-5195?

A critical command injection vulnerability has been identified in the Arris VAP2500 device, specifically affecting the /diag_s.php file. This vulnerability allows an attacker to manipulate the 'customer_info' argument, leading to potentially severe security breaches. The command injection can be executed remotely, making it especially dangerous. With the public disclosure of this exploit, it is crucial for users and organizations employing the Arris VAP2500 product to take immediate action to secure their systems against potential exploits.

References

https://vuldb.com/?id.265832

https://vuldb.com/?ctiid.265832

https://vuldb.com/?submit.335253

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 22, 2024