6 matches found
Code injection
Unspecified vulnerability in the management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to execute arbitrary commands via unknown vectors...
Design/Logic Flaw
The management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to obtain credentials by reading the configuration files...
CVE-2014-8425
The management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to obtain credentials by reading the configuration files...
CVE-2014-8424
ARRIS VAP2500 before FW08.41 does not properly validate passwords, which allows remote attackers to bypass authentication...
CVE-2014-8424
CVE-2014-8424 affects ARRIS VAP2500 before FW08.41, where authentication handling does not properly validate passwords, allowing remote attackers to bypass authentication. The vulnerability is described across multiple sources (NVD entry and ZDI advisory) with exploit activity seen in public disc...
CVE-2014-8423
Arris VAP2500 devices are affected by CVE-2014-8423 in the management portal, enabling OS command injection/remote code execution via the tools_command.php page. Exploitation can bypass authentication by tampering a cookie (md5 hash of a valid username), allowing remote command execution with roo...