CVE-2024-5196 – Arris VAP2500 tools_command.php command injection
https://notcve.org/view.php?id=CVE-2024-5196
A vulnerability classified as critical has been found in Arris VAP2500 08.50. This affects an unknown part of the file /tools_command.php. The manipulation of the argument cmb_header/txt_command leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/a%2B%26%5BE4%3Flp5%3Fk9_%3D%5D/ARRIS_VAP2500-RCE-tools_command.php.pdf https://vuldb.com/?ctiid.265833 https://vuldb.com/?id.265833 https://vuldb.com/?submit.335254 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2024-5195 – Arris VAP2500 diag_s.php command injection
https://notcve.org/view.php?id=CVE-2024-5195
A vulnerability was found in Arris VAP2500 08.50. It has been rated as critical. Affected by this issue is some unknown functionality of the file /diag_s.php. The manipulation of the argument customer_info leads to command injection. The attack may be launched remotely. • https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/a%2B%26%5BE4%3Flp5%3Fk9_%3D%5D/ARRIS_VAP2500-RCE-diag_s.php.pdf https://vuldb.com/?ctiid.265832 https://vuldb.com/?id.265832 https://vuldb.com/?submit.335253 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2024-5194 – Arris VAP2500 assoc_table.php command injection
https://notcve.org/view.php?id=CVE-2024-5194
A vulnerability was found in Arris VAP2500 08.50. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /assoc_table.php. The manipulation of the argument id leads to command injection. The attack can be launched remotely. • https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/a%2B%26%5BE4%3Flp5%3Fk9_%3D%5D/ARRIS_VAP2500-RCE-assoc_table.php.pdf https://vuldb.com/?ctiid.265831 https://vuldb.com/?id.265831 https://vuldb.com/?submit.335252 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •