| Title | Arris Group Arris VAP2500 AT.08.50 Command Injection |
|---|
| Description | There is a remote command execution vulnerability in the ARRIS-VAP2500 backend,the parameters in the interface /tools_command.php are not verified, causing any command to be executed to obtain server permissions. |
|---|
| Source | ⚠️ https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/a%2B%26%5BE4%3Flp5%3Fk9_%3D%5D/ARRIS_VAP2500-RCE-tools_command.php.pdf |
|---|
| User | H0e4a0r1t (UID 65358) |
|---|
| Submission | 15.05.2024 05:40 (vor 9 Monaten) |
|---|
| Moderation | 22.05.2024 07:21 (7 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Entry | 265833 [Arris VAP2500 08.50 /tools_command.php cmb_header/txt_command privilege escalation] |
|---|
| Points | 17 |
|---|