Details of VAR-201706-1188

ID

VAR-201706-1188

TITLE

ARRIS VAP2500 list_mac_address macaddr Command Injection Remote Code Execution Vulnerability

Trust: 0.7

sources: ZDI: ZDI-16-693

DESCRIPTION

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ARRIS VAP2500. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of the macaddr parameter provided to the list_mac_address.php management portal page. The issue lies in the failure to properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of root.

Trust: 0.7

sources: ZDI: ZDI-16-693

AFFECTED PRODUCTS

vendor:

arris

model:

vap2500

scope:

version:

Trust: 0.7

sources: ZDI: ZDI-16-693

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	ZDI-16-693
value:	HIGH
Trust: 0.7

ZDI:	ZDI-16-693
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7

sources: ZDI: ZDI-16-693

EXTERNAL IDS

db:	ZDI_CAN	id:	ZDI-CAN-3870	Trust: 0.7
db:	ZDI	id:	ZDI-16-693	Trust: 0.7

sources: ZDI: ZDI-16-693

CREDITS

Ricky "HeadlessZeke" Lawshae

Trust: 0.7

sources: ZDI: ZDI-16-693

SOURCES

db:

ZDI

id:

ZDI-16-693

LAST UPDATE DATE

2022-05-17T02:10:31.290000+00:00

SOURCES UPDATE DATE

db:

ZDI

id:

ZDI-16-693

date:

2017-06-26T00:00:00

SOURCES RELEASE DATE

db:

ZDI

id:

ZDI-16-693

date:

2017-06-26T00:00:00