3 matches found
CVE-2014-8423
creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/vap2500toolscommandexec.rb 2025-02-06 03:13:42+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23 04:09:32+00:00| seen...
Arris VAP2500 tools_command.php Command Execution
Arris VAP2500 access points are vulnerable to OS command injection in the web management portal via the toolscommand.php page. Though authentication is required to access this page, it is trivially bypassed by setting the value of a cookie to an md5 hash of a valid username. This module requires...
CVE-2014-8423
Arris VAP2500 devices are affected by CVE-2014-8423 in the management portal, enabling OS command injection/remote code execution via the tools_command.php page. Exploitation can bypass authentication by tampering a cookie (md5 hash of a valid username), allowing remote command execution with roo...