
CVE-2024-23618 – Arris SURFboard SBG6950AC2 Arbitrary Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23618
25 Jan 2024 — An arbitrary code execution vulnerability exists in Arris SURFboard SBG6950AC2 devices. An unauthenticated attacker can exploit this vulnerability to achieve code execution as root. • https://blog.exodusintel.com/2024/01/25/arris-surfboard-sbg6950ac2-arbitrary-command-execution-vulnerability • CWE-306: Missing Authentication for Critical Function •

CVE-2023-45992
https://notcve.org/view.php?id=CVE-2023-45992
19 Oct 2023 — A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certain admin activity, could allow the attacker to gain full admin privileges on the exploited system. • https://github.com/harry935/CVE-2023-45992 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2023-27571 – Arris DG3450 AR01.02.056.18_041520_711.NCS.10 XSS / Missing Authentication
https://notcve.org/view.php?id=CVE-2023-27571
07 Mar 2023 — An issue was discovered in DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10. The troubleshooting_logs_download.php log file download functionality does not check the session cookie. Thus, an attacker can download all log files. Arris DG3450 cable gateway version AR01.02.056.18_041520_711.NCS.10 suffers from cross site scripting and missing authentication vulnerabilities. • https://packetstorm.news/files/id/171283 • CWE-306: Missing Authentication for Critical Function •

CVE-2023-27572 – Arris DG3450 AR01.02.056.18_041520_711.NCS.10 XSS / Missing Authentication
https://notcve.org/view.php?id=CVE-2023-27572
07 Mar 2023 — An issue was discovered in CommScope Arris DG3450 Cable Gateway AR01.02.056.18_041520_711.NCS.10. A reflected XSS vulnerability was discovered in the https_redirect.php web page via the page parameter. Arris DG3450 cable gateway version AR01.02.056.18_041520_711.NCS.10 suffers from cross site scripting and missing authentication vulnerabilities. • https://packetstorm.news/files/id/171283 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2022-45701 – Arris Router Firmware 9.1.103 - Remote Code Execution (RCE) (Authenticated)
https://notcve.org/view.php?id=CVE-2022-45701
15 Feb 2023 — Arris TG2482A firmware through 9.1.103GEM9 allows Remote Code Execution (RCE) via the ping utility feature. • https://packetstorm.news/files/id/171001 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2022-27002
https://notcve.org/view.php?id=CVE-2022-27002
15 Mar 2022 — Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the ddns function via the ddns_name, ddns_pwd, h_ddns, and ddns_host parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. • https://github.com/wudipjq/my_vuln/blob/main/ARRIS/vuln_10/10.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2022-27001
https://notcve.org/view.php?id=CVE-2022-27001
15 Mar 2022 — Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the dhcp function via the hostname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. • https://github.com/wudipjq/my_vuln/blob/main/ARRIS/vuln_7/7.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2022-26999
https://notcve.org/view.php?id=CVE-2022-26999
15 Mar 2022 — Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the static ip settings function via the wan_ip_stat, wan_mask_stat, wan_gw_stat, and wan_dns1_stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. • https://github.com/wudipjq/my_vuln/blob/main/ARRIS/vuln_8/8.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2022-27000
https://notcve.org/view.php?id=CVE-2022-27000
15 Mar 2022 — Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the time and time zone function via the h_primary_ntp_server, h_backup_ntp_server, and h_time_zone parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. • https://github.com/wudipjq/my_vuln/blob/main/ARRIS/vuln_12/12.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2022-26998
https://notcve.org/view.php?id=CVE-2022-26998
15 Mar 2022 — Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the wps setting function via the wps_enrolee_pin parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. • https://github.com/wudipjq/my_vuln/blob/main/ARRIS/vuln_11/11.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •