CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-5196 – Arris VAP2500 tools_command.php command injection
https://notcve.org/view.php?id=CVE-2024-5196
A vulnerability classified as critical has been found in Arris VAP2500 08.50. This affects an unknown part of the file /tools_command.php. The manipulation of the argument cmb_header/txt_command leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/a%2B%26%5BE4%3Flp5%3Fk9_%3D%5D/ARRIS_VAP2500-RCE-tools_command.php.pdf https://vuldb.com/?ctiid.265833 https://vuldb.com/?id.265833 https://vuldb.com/?submit.335254 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-5195 – Arris VAP2500 diag_s.php command injection
https://notcve.org/view.php?id=CVE-2024-5195
A vulnerability was found in Arris VAP2500 08.50. It has been rated as critical. Affected by this issue is some unknown functionality of the file /diag_s.php. The manipulation of the argument customer_info leads to command injection. The attack may be launched remotely. • https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/a%2B%26%5BE4%3Flp5%3Fk9_%3D%5D/ARRIS_VAP2500-RCE-diag_s.php.pdf https://vuldb.com/?ctiid.265832 https://vuldb.com/?id.265832 https://vuldb.com/?submit.335253 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-5194 – Arris VAP2500 assoc_table.php command injection
https://notcve.org/view.php?id=CVE-2024-5194
A vulnerability was found in Arris VAP2500 08.50. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /assoc_table.php. The manipulation of the argument id leads to command injection. The attack can be launched remotely. • https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/a%2B%26%5BE4%3Flp5%3Fk9_%3D%5D/ARRIS_VAP2500-RCE-assoc_table.php.pdf https://vuldb.com/?ctiid.265831 https://vuldb.com/?id.265831 https://vuldb.com/?submit.335252 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-40038
https://notcve.org/view.php?id=CVE-2023-40038
Arris DG860A and DG1670A devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. (They use the first 6 characters of the SSID and the last 6 characters of the BSSID, decrementing the last digit.) Los dispositivos Arris DG860A y DG1670A tienen PSK WPA2 predeterminados predecibles que podrían provocar un acceso remoto no autorizado. (Usan los primeros 6 caracteres del SSID y los últimos 6 caracteres del BSSID, disminuyendo el último dígito). • https://github.com/actuator/cve/blob/main/Arris/CVE-2023-40038 https://i.ebayimg.com/images/g/ByAAAOSwQCFi2b50/s-l1600.jpg • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2023-40039
https://notcve.org/view.php?id=CVE-2023-40039
An issue was discovered on ARRIS TG852G, TG862G, and TG1672G devices. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame. Se descubrió un problema en los dispositivos ARRIS TG852G, TG862G y TG1672G. Un atacante remoto (cerca de una red Wi-Fi) puede derivar el valor WPA2-PSK predeterminado observando un trama beacon. • https://github.com/actuator/cve/blob/main/Arris/CVE-2023-40039 https://i.ebayimg.com/images/g/-UcAAOSwDe1kyD-Z/s-l1600.png https://i.ebayimg.com/images/g/4P0AAOSwdhxkrZtt/s-l1600.jpg •