ID
CVE
TITLE
ARRIS Group of ARRIS VAP2500 Command injection vulnerability in firmware
sources:
JVNDB: JVNDB-2024-028927
DESCRIPTION
A vulnerability classified as critical has been found in Arris VAP2500 08.50. This affects an unknown part of the file /tools_command.php. The manipulation of the argument cmb_header/txt_command leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265833 was assigned to this vulnerability. ARRIS Group of ARRIS VAP2500 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
sources:
NVD: CVE-2024-5196 //
JVNDB: JVNDB-2024-028927
AFFECTED PRODUCTS
| vendor: | arris | model: | vap2500 | scope: | eq | version: | 08.50 | |
| vendor: | arris group | model: | vap2500 | scope: | eq | version: | - | |
| vendor: | arris group | model: | vap2500 | scope: | eq | version: | arris vap2500 firmware 08.50 | |
| vendor: | arris group | model: | vap2500 | scope: | - | version: | - | |
sources:
JVNDB: JVNDB-2024-028927 //
NVD: CVE-2024-5196
CVSS
SEVERITY | CVSSV2 | CVSSV3 |
| cna@vuldb.com: | CVE-2024-5196 | |
|
| value: | MEDIUM | | | nvd@nist.gov: | CVE-2024-5196 | |
|
| value: | HIGH | | | OTHER: | JVNDB-2024-028927 | |
|
| value: | HIGH | |
| | cna@vuldb.com: | CVE-2024-5196 | |
|
| severity: | MEDIUM | | baseScore: | 5.8 | | vectorString: | AV:N/AC:L/AU:M/C:P/I:P/A:P | | accessVector: | NETWORK | | accessComplexity: | LOW | | authentication: | MULTIPLE | | confidentialityImpact: | PARTIAL | | integrityImpact: | PARTIAL | | availabilityImpact: | PARTIAL | | exploitabilityScore: | 6.4 | | impactScore: | 6.4 | | acInsufInfo: | NONE | | obtainAllPrivilege: | NONE | | obtainUserPrivilege: | NONE | | obtainOtherPrivilege: | NONE | | userInteractionRequired: | NONE | | version: | 2.0 | | | OTHER: | JVNDB-2024-028927 | |
|
| severity: | MEDIUM | | baseScore: | 5.8 | | vectorString: | AV:N/AC:L/AU:M/C:P/I:P/A:P | | accessVector: | NETWORK | | accessComplexity: | LOW | | authentication: | MULTIPLE | | confidentialityImpact: | PARTIAL | | integrityImpact: | PARTIAL | | availabilityImpact: | PARTIAL | | exploitabilityScore: | NONE | | impactScore: | NONE | | acInsufInfo: | NONE | | obtainAllPrivilege: | NONE | | obtainUserPrivilege: | NONE | | obtainOtherPrivilege: | NONE | | userInteractionRequired: | NONE | | version: | 2.0 | |
| | cna@vuldb.com: | CVE-2024-5196 | |
|
| baseSeverity: | MEDIUM | | baseScore: | 4.7 | | vectorString: | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L | | attackVector: | NETWORK | | attackComplexity: | LOW | | privilegesRequired: | HIGH | | userInteraction: | NONE | | scope: | UNCHANGED | | confidentialityImpact: | LOW | | integrityImpact: | LOW | | availabilityImpact: | LOW | | exploitabilityScore: | 1.2 | | impactScore: | 3.4 | | version: | 3.1 | | | nvd@nist.gov: | CVE-2024-5196 | |
|
| baseSeverity: | HIGH | | baseScore: | 7.2 | | vectorString: | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | | attackVector: | NETWORK | | attackComplexity: | LOW | | privilegesRequired: | HIGH | | userInteraction: | NONE | | scope: | UNCHANGED | | confidentialityImpact: | HIGH | | integrityImpact: | HIGH | | availabilityImpact: | HIGH | | exploitabilityScore: | 1.2 | | impactScore: | 5.9 | | version: | 3.1 | | | NVD: | JVNDB-2024-028927 | |
|
| baseSeverity: | HIGH | | baseScore: | 7.2 | | vectorString: | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | | attackVector: | NETWORK | | attackComplexity: | LOW | | privilegesRequired: | HIGH | | userInteraction: | NONE | | scope: | UNCHANGED | | confidentialityImpact: | HIGH | | integrityImpact: | HIGH | | availabilityImpact: | HIGH | | exploitabilityScore: | NONE | | impactScore: | NONE | | version: | 3.0 | |
|
sources:
JVNDB: JVNDB-2024-028927 //
NVD: CVE-2024-5196 //
NVD: CVE-2024-5196
PROBLEMTYPE DATA
| problemtype: | CWE-77 | |
| problemtype: | Command injection (CWE-77) [ others ] | |
sources:
JVNDB: JVNDB-2024-028927 //
NVD: CVE-2024-5196
EXTERNAL IDS
| db: | NVD | id: | CVE-2024-5196 | |
| db: | VULDB | id: | 265833 | |
| db: | JVNDB | id: | JVNDB-2024-028927 | |
sources:
JVNDB: JVNDB-2024-028927 //
NVD: CVE-2024-5196
REFERENCES
| url: | https://vuldb.com/?id.265833 | |
| url: | https://vuldb.com/?submit.335254 | |
| url: | https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/a%2b%26%5be4%3flp5%3fk9_%3d%5d/arris_vap2500-rce-tools_command.php.pdf | |
| url: | https://vuldb.com/?ctiid.265833 | |
| url: | https://nvd.nist.gov/vuln/detail/cve-2024-5196 | |
sources:
JVNDB: JVNDB-2024-028927 //
NVD: CVE-2024-5196
SOURCES
| db: | JVNDB | id: | JVNDB-2024-028927 |
| db: | NVD | id: | CVE-2024-5196 |
LAST UPDATE DATE
2025-11-22T23:05:38.293000+00:00
SOURCES UPDATE DATE
| db: | JVNDB | id: | JVNDB-2024-028927 | date: | 2025-10-17T01:24:00 |
| db: | NVD | id: | CVE-2024-5196 | date: | 2025-10-14T19:36:24.623 |
SOURCES RELEASE DATE
| db: | JVNDB | id: | JVNDB-2024-028927 | date: | 2025-10-17T00:00:00 |
| db: | NVD | id: | CVE-2024-5196 | date: | 2024-05-22T12:15:11.097 |
