Lucene search
China National Vulnerability DatabaseCNVD-2022-68535HistoryMar 17, 2022 - 12:00 a.m.
Multiple ARRIS product command injection vulnerabilities
2022-03-1700:00:00
China National Vulnerability Database
www.cnvd.org.cn
10
arris
sbr-ac1900p
sbr-ac3200p
sbr-ac1200p
wi-fi router
command injection
ddnsusername
ddnshostname
ddnspassword
vulnerability
arbitrary command execution
cnvd
EPSS
0.002
Percentile
52.4%
ARRIS SBR-AC1900P, SBR-AC3200P and SBR-AC1200P is a Wi-Fi router from ARRIS, Inc. Multiple ARRIS products are vulnerable to a command injection vulnerability, which stems from the DdnsUserName, DdnsHostName, and DdnsPassword parameters in the ddns function failing to properly filter the construct command special characters, commands, etc. An attacker could use this vulnerability to cause arbitrary command execution.
Related
prion
prion
Command injection
2022-03-15 22:15:00
cve
cve
CVE-2022-26992
2022-03-15 22:15:14
nvd
nvd
CVE-2022-26992
2022-03-15 22:15:14
cvelist
cvelist
CVE-2022-26992
2022-03-15 21:56:26
malwarebytes
malwarebytes
Millions of Arris routers are vulnerable to path traversal attacks
2022-08-01 17:31:40
Millions of Arris routers are vulnerable to path traversal attacks
2022-08-01 17:00:00
checkpoint_advisories
checkpoint_advisories