Sign-up

ID

VAR-201706-1186


TITLE

ARRIS VAP2500 list_mac_address Authentication Bypass Remote Code Execution Vulnerability

Trust: 0.7

sources: ZDI: ZDI-16-696

DESCRIPTION

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ARRIS VAP2500. Authentication is not required to exploit this vulnerability.The specific flaw exists within the authentication validation mechanism of the used in the list_mac_address.php management portal page. The issue lies in the failure to stop processing the page after an unsuccessful attempt to validate authentication. An attacker can leverage this vulnerability to execute code under the context of root.

Trust: 0.7

sources: ZDI: ZDI-16-696

AFFECTED PRODUCTS

vendor:arrismodel:vap2500scope: - version: -

Trust: 0.7

sources: ZDI: ZDI-16-696

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: ZDI-16-696
value: HIGH

Trust: 0.7

ZDI: ZDI-16-696
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.7

sources: ZDI: ZDI-16-696

EXTERNAL IDS

db:ZDI_CANid:ZDI-CAN-3873

Trust: 0.7

db:ZDIid:ZDI-16-696

Trust: 0.7

sources: ZDI: ZDI-16-696

CREDITS

Ricky "HeadlessZeke" Lawshae

Trust: 0.7

sources: ZDI: ZDI-16-696

SOURCES

db:ZDIid:ZDI-16-696

LAST UPDATE DATE

2022-05-17T02:07:05.882000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-16-696date:2017-06-26T00:00:00

SOURCES RELEASE DATE

db:ZDIid:ZDI-16-696date:2017-06-26T00:00:00