Описание
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the ddns function via the DdnsUserName, DdnsHostName, and DdnsPassword parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:arris:sbr-ac1900p_firmware:1.0.7-b05:*:*:*:*:*:*:*
cpe:2.3:h:arris:sbr-ac1900p:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:o:arris:sbr-ac3200p_firmware:1.0.7-b05:*:*:*:*:*:*:*
cpe:2.3:h:arris:sbr-ac3200p:-:*:*:*:*:*:*:*
Конфигурация 3
Одновременно
cpe:2.3:o:arris:sbr-ac1200p_firmware:1.0.5-b05:*:*:*:*:*:*:*
cpe:2.3:h:arris:sbr-ac1200p:-:*:*:*:*:*:*:*
EPSS
Процентиль: 93%
0.09563
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-78
Связанные уязвимости
CVSS3: 9.8
github
почти 4 года назад
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the ddns function via the DdnsUserName, DdnsHostName, and DdnsPassword parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
EPSS
Процентиль: 93%
0.09563
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-78