ARRIS SBR-AC1900P, SBR-AC3200P and SBR-AC1200P is a Wi-Fi router from ARRIS, Inc. Multiple ARRIS products are vulnerable to a command injection vulnerability, which stems from the pppoeUserName, pppoePassword, and pppoe_Service parameters in the pppoe function failing to properly filter the construct command special characters, commands, etc. An attacker could use this vulnerability to cause arbitrary command execution.