Details of VAR-201706-1190

ID

VAR-201706-1190

TITLE

ARRIS VAP2500 list_mac_address cmb_macaddrfilter Command Injection Remote Code Execution Vulnerability

Trust: 0.7

sources: ZDI: ZDI-16-694

DESCRIPTION

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ARRIS VAP2500. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of the cmb_macaddrfilter parameter provided to the list_mac_address.php management portal page. The issue lies in the failure to properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of root.

Trust: 0.7

sources: ZDI: ZDI-16-694

AFFECTED PRODUCTS

vendor:

arris

model:

vap2500

scope:

version:

Trust: 0.7

sources: ZDI: ZDI-16-694

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	ZDI-16-694
value:	HIGH
Trust: 0.7

ZDI:	ZDI-16-694
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7

sources: ZDI: ZDI-16-694

EXTERNAL IDS

db:	ZDI_CAN	id:	ZDI-CAN-3871	Trust: 0.7
db:	ZDI	id:	ZDI-16-694	Trust: 0.7

sources: ZDI: ZDI-16-694

CREDITS

Ricky "HeadlessZeke" Lawshae

Trust: 0.7

sources: ZDI: ZDI-16-694

SOURCES

db:

ZDI

id:

ZDI-16-694

LAST UPDATE DATE

2022-05-17T01:36:26.166000+00:00

SOURCES UPDATE DATE

db:

ZDI

id:

ZDI-16-694

date:

2017-06-26T00:00:00

SOURCES RELEASE DATE

db:

ZDI

id:

ZDI-16-694

date:

2017-06-26T00:00:00