ID
VAR-202308-3954
TITLE
Arris VAP2500 Remote Code Execution Vulnerability (CNVD-2023-62027)
Trust: 0.6
sources:
CNVD: CNVD-2023-62027
DESCRIPTION
Arris VAP2500, a device launched by Arris Group, is a video gateway and WIFI signal booster for extending home network coverage and providing wireless connectivity. Arris VAP2500 has a remote code execution vulnerability. The vulnerability stems from the fact that the list_mac_address.php file does not strictly filter and restrict the macaddr parameters passed in by users. Attackers can use this vulnerability to cause command injection through carefully constructed macaddr parameters.
Trust: 0.6
sources:
CNVD: CNVD-2023-62027
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2023-62027
AFFECTED PRODUCTS
| vendor: | arris | model: | group arris vap2500 | scope: | - | version: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2023-62027
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||
|
|
sources:
CNVD: CNVD-2023-62027
PATCH
| title: | Patch for Arris VAP2500 Remote Code Execution Vulnerability (CNVD-2023-62027) | url: | https://www.cnvd.org.cn/patchinfo/show/449621 | Trust: 0.6 |
sources:
CNVD: CNVD-2023-62027
EXTERNAL IDS
| db: | CNVD | id: | CNVD-2023-62027 | Trust: 0.6 |
sources:
CNVD: CNVD-2023-62027
REFERENCES
| url: | https://github.com/nassim-asrir/arrisvap2500-exploit | Trust: 0.6 |
sources:
CNVD: CNVD-2023-62027
SOURCES
| db: | CNVD | id: | CNVD-2023-62027 |
LAST UPDATE DATE
2023-09-28T23:03:44.940000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2023-62027 | date: | 2023-08-09T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2023-62027 | date: | 2023-08-09T00:00:00 |