9 matches found
CVE-2022-26993
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the pppoe function via the pppoeUserName, pppoePassword, and pppoeService parameters. This vulnerability allows attackers to execute arbitrary...
CVE-2025-9581
A vulnerability was detected in Comfast CF-N1 2.6.0. This impacts the function multipppoe of the file /usr/bin/webmgnt. Performing manipulation of the argument phyinterface results in command injection. The attack may be initiated remotely. The exploit is now public and may be used...
ARRIS TR3300 Command Injection Vulnerability (CNVD-2022-68528)
ARRIS TR3300 is an 802.11ac Wi-Fi router from ARRIS U.S.A. A command injection vulnerability exists in ARRIS TR3300, which stems from the pppoeusername, pppoepasswd, and pppoeservicename parameters in the pppoe function failing to properly filter the construct command special characters, commands...
Multiple ARRIS Product Command Injection Vulnerabilities (CNVD-2022-68533)
ARRIS SBR-AC1900P, SBR-AC3200P and SBR-AC1200P is a Wi-Fi router from ARRIS, Inc. Multiple ARRIS products are vulnerable to a command injection vulnerability, which stems from the pppoeUserName, pppoePassword, and pppoeService parameters in the pppoe function failing to properly filter the...
CVE-2022-26993
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the pppoe function via the pppoeUserName, pppoePassword, and pppoeService parameters. This vulnerability allows attackers to execute arbitrary...
Command injection
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the pppoe function via the pppoeUserName, pppoePassword, and pppoeService parameters. This vulnerability allows attackers to execute arbitrary...
Command injection
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pppoe function via the pppoeusername, pppoepasswd, and pppoeservicename parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2022-26996
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pppoe function via the pppoeusername, pppoepasswd, and pppoeservicename parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request...
CVE-2022-26996
CVE-2022-26996 affects Arris TR3300 v1.0.13, introducing a command-injection flaw in the pppoe function via crafted pppoe_username, pppoe_passwd, and pppoe_servicename parameters. Exploitation allows arbitrary command execution without user interaction. Public sources in the provided set (NVD/Red...