CVE-2022-26994

Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the pptp function via the pptpUserName and pptpPassword parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted...

CVE-2024-51246

In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doPPTP function...

PT-2024-34572 · Draytek · Draytek Vigor3900

Name of the Vulnerable Software and Affected Versions: Draytek Vigor3900 version 1.5.1.3 Description: The issue allows attackers to inject malicious commands into "mainfunction.cgi" and execute arbitrary commands by calling the doPPTP function. Recommendations: For Draytek Vigor3900 version...

CVE-2023-25119

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...

CVE-2022-26994

Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the pptp function via the pptpUserName and pptpPassword parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted...

CVE-2022-26995

Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pptp wanpptp.html function via the pptpfixip, pptpfixmask, pptpfixgw, and wandns1stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVE-2022-26994

Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the pptp function via the pptpUserName and pptpPassword parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted...

PT-2022-18170 · Arris · Sbr-Ac1900P +2

Name of the Vulnerable Software and Affected Versions: Arris routers SBR-AC1900P version 1.0.7-B05 Arris routers SBR-AC3200P version 1.0.7-B05 Arris routers SBR-AC1200P version 1.0.5-B05 Description: A command injection issue was discovered in the pptp function via the pptpUserName and pptpPasswo...

ARRIS TR3300 命令注入漏洞

ARRIS TR3300 is an 802.11ac Wi-Fi router from ARRIS U.S.A. A command injection vulnerability exists in ARRIS TR3300, which stems from the failure of the pptpfixip, pptpfixmask, pptpfixgw, and wandns1stat parameters in the pptp function. properly filter the construct command special characters,...