Submit #335254: Arris Group Arris VAP2500 AT.08.50 Command Injectioninfo

TitleArris Group Arris VAP2500 AT.08.50 Command Injection
DescriptionThere is a remote command execution vulnerability in the ARRIS-VAP2500 backend,the parameters in the interface /tools_command.php are not verified, causing any command to be executed to obtain server permissions.
Source⚠️ https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/a%2B%26%5BE4%3Flp5%3Fk9_%3D%5D/ARRIS_VAP2500-RCE-tools_command.php.pdf
User
 H0e4a0r1t (UID 65358)
Submission05/15/2024 05:40 (2 years ago)
Moderation05/22/2024 07:21 (7 days later)
StatusAccepted
VulDB entry265833 [Arris VAP2500 08.50 /tools_command.php cmb_header/txt_command command injection]
Points17

PreviousOverviewNext

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!