Command Injection Vulnerability in Arris VAP2500 Product
CVE-2024-5196
Currently unrated
What is CVE-2024-5196?
A command injection vulnerability exists in the Arris VAP2500, specifically within the /tools_command.php file. This issue arises from improper handling of user input in the cmb_header/txt_command arguments, allowing attackers to execute arbitrary commands from a remote location. The vulnerability has been publicly disclosed and poses significant risks for users of VAP2500 versions 08.50. It is crucial for affected users to apply security updates and employ monitoring strategies to mitigate potential exploitation.