CVE-2023-28461

CVE-2023-28461 affects Array Networks ArrayOS Array AG Series and vxAG (≤ 9.4.0.481). The vulnerability allows unauthenticated remote code execution by exploiting a flag in an HTTP header to browse the device filesystem and reach a vulnerable URL. PTSecurity notes evidence of active exploitation;...

CVE-2023-24613

CVE-2023-24613 affects Array Networks AG Series and vxAG UI (v9.4.0.470). A remote attacker with administrator access could use gdb to overwrite the backend function call stack in the UI handling binary, enabling a denial-of-service condition. The issue is resolved in AG 9.4.0.481. Affected versi...

CVE-2023-51707

CVE-2023-51707 affects MotionPro in Array ArrayOS AG prior to 9.4.0.505, where remote command execution is possible via specially crafted packets. Affected: AG and vxAG before 9.4.0.505; unaffected: AG/vxAG 9.3.0.259.x. Impact is remote code execution with network attack vector and no user intera...

CVE-2022-42897

The CVE-2022-42897 entry concerns Array Networks VXG/vxAG with ArrayOS AG before 9.4.0.469, which suffers unauthenticated command injection leading to privilege escalation and control of the system. The issue affects versions prior to 9.4.0.469; ArrayOS AG 10.x is unaffected. Exploitation details...

CVE-2023-41121

CVE-2023-41121 affects Array Networks ArrayOS AG OS prior to version 9.4.0.499. The vulnerability allows remote attackers to cause denial of service by sending abnormal HTTP operations that crash system service processes. The issue originates from abnormal HTTP handling leading to process instabi...

CVE-2025-66644

CVE-2025-66644 affects Array Networks ArrayOS AG before 9.4.5.9, with an OS command injection vulnerability that could allow an attacker to execute arbitrary commands. Exploitation has been observed in the wild between August and December 2025, impacting ArrayOS AG versions up to 9.4.5.8. Remedia...