ARRIS SBR-AC1900P, SBR-AC3200P and SBR-AC1200P is a Wi-Fi router from ARRIS, Inc. Multiple ARRIS products are vulnerable to a command injection vulnerability, which stems from the pptpUserName and pptpPassword parameters in the pptp function failing to properly filter the construct command special characters, commands, etc. An attacker could use this vulnerability to cause arbitrary command execution.