EUVD-2020-7492

Malware in sbrugna...

Multiple ARRIS product command injection vulnerabilities

ARRIS SBR-AC1900P, SBR-AC3200P and SBR-AC1200P is a Wi-Fi router from ARRIS, Inc. Multiple ARRIS products are vulnerable to a command injection vulnerability, which stems from the DdnsUserName, DdnsHostName, and DdnsPassword parameters in the ddns function failing to properly filter the construct...

CVE-2022-26991

Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the ntp function via the TimeZone parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVE-2022-26990

Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the firewall-local log function via the EmailAddress, SmtpServerName, SmtpUsername, and SmtpPassword parameters. This vulnerability allows attackers...

CVE-2022-26992

Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the ddns function via the DdnsUserName, DdnsHostName, and DdnsPassword parameters. This vulnerability allows attackers to execute arbitrary commands...

CVE-2022-26993

Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the pppoe function via the pppoeUserName, pppoePassword, and pppoeService parameters. This vulnerability allows attackers to execute arbitrary...

CVE-2022-26993

CVE-2022-26993 affects ARRIS SBR-AC1900P (1.0.7-B05), SBR-AC3200P (1.0.7-B05), and SBR-AC1200P (1.0.5-B05). A command-injection vulnerability exists in the pppoe function exploitable via the pppoeUserName, pppoePassword, and pppoe_Service parameters, enabling arbitrary command execution through a...

CVE-2022-26991

CVE-2022-26991 concerns Arris routers SBR-AC1900P (1.0.7-B05), SBR-AC3200P (1.0.7-B05) and SBR-AC1200P (1.0.5-B05). A command-injection in the ntp function via the TimeZone parameter allows an attacker to execute arbitrary commands through a crafted request. Public sources consistently describe i...

CVE-2022-26990

Arris SBR-AC1900P (1.0.7-B05), SBR-AC3200P (1.0.7-B05) and SBR-AC1200P (1.0.5-B05) are affected by a command-injection vulnerability in the firewall-local log function, exploitable via EmailAddress, SmtpServerName, SmtpUsername and SmtpPassword. The issue allows arbitrary commands to be executed ...

PT-2022-18170 · Arris · Sbr-Ac1900P +2

Name of the Vulnerable Software and Affected Versions: Arris routers SBR-AC1900P version 1.0.7-B05 Arris routers SBR-AC3200P version 1.0.7-B05 Arris routers SBR-AC1200P version 1.0.5-B05 Description: A command injection issue was discovered in the pptp function via the pptpUserName and pptpPasswo...

PT-2022-18167 · Arris · Sbr-Ac1900P +2

Name of the Vulnerable Software and Affected Versions: Arris routers SBR-AC1900P version 1.0.7-B05 Arris routers SBR-AC3200P version 1.0.7-B05 Arris routers SBR-AC1200P version 1.0.5-B05 Description: A command injection issue was discovered in the ntp function via the TimeZone parameter, allowing...

ARRIS SBR-AC1900P和ARRIS SBR-AC3200P 操作系统命令注入漏洞

ARRIS SBR-AC1900P, SBR-AC3200P and SBR-AC1200P is a Wi-Fi router from ARRIS USA. Multiple ARRIS products command injection vulnerability, which stems from the firewall local logging feature failing to properly filter constructed command special characters, commands, etc. An attacker could exploit...

ARRIS SBR-AC1900P和ARRIS SBR-AC3200P 操作系统命令注入漏洞

ARRIS SBR-AC1900P, SBR-AC3200P and SBR-AC1200P is a Wi-Fi router from ARRIS, Inc. Multiple ARRIS products are vulnerable to a command injection vulnerability, which stems from the pptpUserName and pptpPassword parameters in the pptp function failing to properly filter the construct command specia...

CVE-2020-15499

An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.38520253. They allow XSS via spoofed Release Notes on the Firmware Upgrade page...

CVE-2020-15498

An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.38520253. The router accepts an arbitrary server certificate for a firmware update. The culprit is the --no-check-certificate option passed to wget tool used to download firmware update files...

CVE-2020-15498

An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.38520253. The router accepts an arbitrary server certificate for a firmware update. The culprit is the --no-check-certificate option passed to wget tool used to download firmware update files...

CVE-2020-15499

An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.38520253. They allow XSS via spoofed Release Notes on the Firmware Upgrade page...

Code injection

An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.38520253. They allow XSS via spoofed Release Notes on the Firmware Upgrade page...

CVE-2020-15498

An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.38520253. The router accepts an arbitrary server certificate for a firmware update. The culprit is the --no-check-certificate option passed to wget tool used to download firmware update files...

CVE-2020-15498

CVE-2020-15498 affects ASUS RT-AC1900P routers prior to 3.0.0.4.385_20253. The vulnerability stems from the firmware update mechanism accepting unvalidated server certificates due to the use of wget with the --no-check-certificate option. This enables potential man-in-the-middle scenarios during ...