Code injection

2019-07-0918:15:00

PRIOn knowledge base

www.prio-n.com

9.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.7%

JSON

Arlo Basestation firmware 1.12.0.1_27940 and prior firmware contain a networking misconfiguration that allows access to restricted network interfaces. This could allow an attacker to upload or download arbitrary files and possibly execute malicious code on the device.

CPENameOperatorVersion
vmb3010_firmwareeq< 1.12.2.3-2762
vmb3500_firmwareeq< 1.12.2.4-2773
vmb4000_firmwareeq< 1.12.2.3-2762
vmb4500_firmwareeq< 1.12.2.4-2773
vmb5000_firmwareeq< 1.12.2.2-2824

Name	Operator	Version
vmb3010_firmware	eq	< 1.12.2.3-2762
vmb3500_firmware	eq	< 1.12.2.4-2773
vmb4000_firmware	eq	< 1.12.2.3-2762
vmb4500_firmware	eq	< 1.12.2.4-2773
vmb5000_firmware	eq	< 1.12.2.2-2824