ARRIS TG852G Security Vulnerability
The ARRIS TG852G is a router from ARRIS. A security vulnerability exists in the ARRIS TG852G, TG862G, and TG1672G that allows an attacker to obtain the default WPA2-PSK value by observing beacon frames...
VulnCheck KEV: CVE-2022-27002
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the ddns function via the ddnsname, ddnspwd, hddns, and ddnshost parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
Arris Router Firmware 9.1.103 - Remote Code Execution (Authenticated) Exploit
Exploit Title: Arris Router Firmware 9.1.103 - Remote Code Execution RCE Authenticated Exploit Author: Yerodin Richards Vendor Homepage: https://www.commscope.com/ Version: 9.1.103 Tested on: TG2482A, TG2492, SBG10 CVE : CVE-2022-45701 import requests import base64 routerhost = "http://192.168.0....
Arris Router Firmware 9.1.103 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: Arris Router Firmware 9.1.103 - Remote Code Execution RCE Authenticated Date: 17/11/2022 Exploit Author: Yerodin Richards Vendor Homepage: https://www.commscope.com/ Version: 9.1.103 Tested on: TG2482A, TG2492, SBG10 CVE : CVE-2022-45701 import requests import base64 routerhost =...
A week in security (February 13 - 19)
Last week on Malwarebytes Labs: What is AI good at and what the heck is it, actually, with Josh Saxe: Lock and Code S04E04 Malwarebytes recognized as endpoint security leader by G2 CISA issues alert with South Korean government about DPRK's ransomware antics Jailbreaking ChatGPT and other large...
Arris router vulnerability could lead to complete takeover
Security researcher Yerodin Richards has found an authenticated remote code execution (RCE) vulnerability in Arris routers. This is the type of router that ISPs typically provide on loan to customers for telephony and internet access. After responsible disclosure, Richards has published a...
Arris Router Firmware 9.1.103 Remote Code Execution Exploit
Arris Router Firmware version 9.1.103 authenticated remote code execution exploit that has been tested against the TG2482A, TG2492, and SBG10 models. Exploit Title: Arris Router Firmware 9.1.103 - Remote Code Execution RCE Authenticated Exploit Author: Yerodin Richards Vendor Homepage:...
Arris Router Firmware 9.1.103 Remote Code Execution
Exploit Title: Arris Router Firmware 9.1.103 - Remote Code Execution RCE Authenticated Date: 17/11/2022 Exploit Author: Yerodin Richards Vendor Homepage: https://www.commscope.com/ Version: 9.1.103 Tested on: TG2482A, TG2492, SBG10 CVE : CVE-2022-45701 import requests import base64 routerhost =...
CVE-2022-27000
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the time and time zone function via the hprimaryntpserver, hbackupntpserver, and htimezone parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2022-27001
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the dhcp function via the hostname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2022-26997
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the upnp function via the upnpttl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2022-27002
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the ddns function via the ddnsname, ddnspwd, hddns, and ddnshost parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2022-26998
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the wps setting function via the wpsenroleepin parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2022-26995
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pptp wanpptp.html function via the pptpfixip, pptpfixmask, pptpfixgw, and wandns1stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
ARRIS TR3300 Command Injection Vulnerability
ARRIS TR3300 is an 802.11ac Wi-Fi router from ARRIS U.S.A. A command injection vulnerability exists in ARRIS TR3300, which stems from the pppoeusername, pppoepasswd, and pppoeservicename parameters in the pppoe function failing to properly filter command-constructing special characters, commands...
ARRIS SBR-AC1900P and ARRIS SBR-AC3200P OS Command Injection Vulnerability
ARRIS SBR-AC1900P, SBR-AC3200P and SBR-AC1200P are Wi-Fi routers from ARRIS USA. A command injection vulnerability exists in multiple ARRIS products, which stems from the firewall local logging feature failing to properly filter command-constructing special characters, commands, etc. An attacker could exploit...
CVE-2019-15805
CommScope ARRIS TR4400 devices with firmware through A1.00.004-180301 are vulnerable to an authentication bypass to the administrative interface because they include the current base64 encoded password within http://192.168.1.1/login.html. Any user connected to the Wi-Fi can exploit this...