ARRIS SBR-AC1900P, SBR-AC3200P and SBR-AC1200P is a Wi-Fi router from ARRIS USA. Multiple ARRIS products are vulnerable to a command injection vulnerability, which stems from the TimeZone parameter in the ntp function failing to properly filter the construct command special characters, commands, etc. An attacker could use this vulnerability to cause arbitrary command execution.