Command Injection Vulnerability in Arris VAP2500 Product
CVE-2024-5196

Currently unrated

Key Information:

Vendor

Arris

Status
Vendor
CVE Published:
22 May 2024

What is CVE-2024-5196?

A command injection vulnerability exists in the Arris VAP2500, specifically within the /tools_command.php file. This issue arises from improper handling of user input in the cmb_header/txt_command arguments, allowing attackers to execute arbitrary commands from a remote location. The vulnerability has been publicly disclosed and poses significant risks for users of VAP2500 versions 08.50. It is crucial for affected users to apply security updates and employ monitoring strategies to mitigate potential exploitation.

References

Timeline

  • Vulnerability published

.