3 matches found
CVE-2014-8424
creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/vap2500toolscommandexec.rb 2025-02-06 03:13:42+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23 04:09:32+00:00| seen...
Arris VAP2500 tools_command.php Command Execution
Arris VAP2500 access points are vulnerable to OS command injection in the web management portal via the toolscommand.php page. Though authentication is required to access this page, it is trivially bypassed by setting the value of a cookie to an md5 hash of a valid username. This module requires...
CVE-2014-8424
CVE-2014-8424 affects ARRIS VAP2500 before FW08.41, where authentication handling does not properly validate passwords, allowing remote attackers to bypass authentication. The vulnerability is described across multiple sources (NVD entry and ZDI advisory) with exploit activity seen in public disc...