Search

Find a vulnerability

Search criteria

    13 vulnerabilities found for vap2500 by arris

    VAR-202405-1802

    Vulnerability from variot - Updated: 2025-11-22 23:35

    A vulnerability was found in Arris VAP2500 08.50. It has been rated as critical. Affected by this issue is some unknown functionality of the file /diag_s.php. The manipulation of the argument customer_info leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265832. ARRIS Group of ARRIS VAP2500 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202405-1802",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "vap2500",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "arris",
            "version": "08.50"
          },
          {
            "model": "vap2500",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "arris group",
            "version": null
          },
          {
            "model": "vap2500",
            "scope": null,
            "trust": 0.8,
            "vendor": "arris group",
            "version": null
          },
          {
            "model": "vap2500",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "arris group",
            "version": "arris vap2500  firmware  08.50"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-028895"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-5195"
          }
        ]
      },
      "cve": "CVE-2024-5195",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "MULTIPLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.4,
                "id": "CVE-2024-5195",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Multiple",
                "author": "OTHER",
                "availabilityImpact": "Partial",
                "baseScore": 5.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2024-028895",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "LOW",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.2,
                "id": "CVE-2024-5195",
                "impactScore": 3.4,
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2024-5195",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2024-028895",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2024-5195",
                "trust": 1.0,
                "value": "Medium"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2024-5195",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2024-028895",
                "trust": 0.8,
                "value": "High"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-028895"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-5195"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-5195"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability was found in Arris VAP2500 08.50. It has been rated as critical. Affected by this issue is some unknown functionality of the file /diag_s.php. The manipulation of the argument customer_info leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265832. ARRIS Group of ARRIS VAP2500 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-5195"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-028895"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-5195",
            "trust": 2.6
          },
          {
            "db": "VULDB",
            "id": "265832",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-028895",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-028895"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-5195"
          }
        ]
      },
      "id": "VAR-202405-1802",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.2125
      },
      "last_update_date": "2025-11-22T23:35:12.904000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-77",
            "trust": 1.0
          },
          {
            "problemtype": "Command injection (CWE-77) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-028895"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-5195"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?id.265832"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.335253"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/a%2b%26%5be4%3flp5%3fk9_%3d%5d/arris_vap2500-rce-diag_s.php.pdf"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.265832"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-5195"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-028895"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-5195"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-028895"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-5195"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-10-16T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-028895"
          },
          {
            "date": "2024-05-22T11:15:54.063000",
            "db": "NVD",
            "id": "CVE-2024-5195"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-10-16T07:20:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-028895"
          },
          {
            "date": "2025-10-14T19:36:59.180000",
            "db": "NVD",
            "id": "CVE-2024-5195"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ARRIS\u00a0Group\u00a0 of \u00a0ARRIS\u00a0VAP2500\u00a0 Command injection vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-028895"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202405-1813

    Vulnerability from variot - Updated: 2025-11-22 23:05

    A vulnerability classified as critical has been found in Arris VAP2500 08.50. This affects an unknown part of the file /tools_command.php. The manipulation of the argument cmb_header/txt_command leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265833 was assigned to this vulnerability. ARRIS Group of ARRIS VAP2500 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202405-1813",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "vap2500",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "arris",
            "version": "08.50"
          },
          {
            "model": "vap2500",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "arris group",
            "version": null
          },
          {
            "model": "vap2500",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "arris group",
            "version": "arris vap2500  firmware  08.50"
          },
          {
            "model": "vap2500",
            "scope": null,
            "trust": 0.8,
            "vendor": "arris group",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-028927"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-5196"
          }
        ]
      },
      "cve": "CVE-2024-5196",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "MULTIPLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.4,
                "id": "CVE-2024-5196",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "Multiple",
                "author": "OTHER",
                "availabilityImpact": "Partial",
                "baseScore": 5.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2024-028927",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "LOW",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.2,
                "id": "CVE-2024-5196",
                "impactScore": 3.4,
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2024-5196",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 7.2,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "JVNDB-2024-028927",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "High",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2024-5196",
                "trust": 1.0,
                "value": "Medium"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2024-5196",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "OTHER",
                "id": "JVNDB-2024-028927",
                "trust": 0.8,
                "value": "High"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-028927"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-5196"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-5196"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability classified as critical has been found in Arris VAP2500 08.50. This affects an unknown part of the file /tools_command.php. The manipulation of the argument cmb_header/txt_command leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265833 was assigned to this vulnerability. ARRIS Group of ARRIS VAP2500 Firmware contains a command injection vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-5196"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-028927"
          }
        ],
        "trust": 1.62
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-5196",
            "trust": 2.6
          },
          {
            "db": "VULDB",
            "id": "265833",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-028927",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-028927"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-5196"
          }
        ]
      },
      "id": "VAR-202405-1813",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.2125
      },
      "last_update_date": "2025-11-22T23:05:38.293000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-77",
            "trust": 1.0
          },
          {
            "problemtype": "Command injection (CWE-77) [ others ]",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-028927"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-5196"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?id.265833"
          },
          {
            "trust": 1.8,
            "url": "https://vuldb.com/?submit.335254"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/a%2b%26%5be4%3flp5%3fk9_%3d%5d/arris_vap2500-rce-tools_command.php.pdf"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.265833"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2024-5196"
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-028927"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-5196"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-028927"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-5196"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-10-17T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-028927"
          },
          {
            "date": "2024-05-22T12:15:11.097000",
            "db": "NVD",
            "id": "CVE-2024-5196"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-10-17T01:24:00",
            "db": "JVNDB",
            "id": "JVNDB-2024-028927"
          },
          {
            "date": "2025-10-14T19:36:24.623000",
            "db": "NVD",
            "id": "CVE-2024-5196"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ARRIS\u00a0Group\u00a0 of \u00a0ARRIS\u00a0VAP2500\u00a0 Command injection vulnerability in firmware",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2024-028927"
          }
        ],
        "trust": 0.8
      }
    }

    VAR-202405-1809

    Vulnerability from variot - Updated: 2025-10-15 23:39

    A vulnerability was found in Arris VAP2500 08.50. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /assoc_table.php. The manipulation of the argument id leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-265831.

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-202405-1809",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "vap2500",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "arris",
            "version": "08.50"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-5194"
          }
        ]
      },
      "cve": "CVE-2024-5194",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "MULTIPLE",
                "author": "cna@vuldb.com",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.4,
                "id": "CVE-2024-5194",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "cna@vuldb.com",
                "availabilityImpact": "LOW",
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.2,
                "id": "CVE-2024-5194",
                "impactScore": 3.4,
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.1"
              },
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 1.2,
                "id": "CVE-2024-5194",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            ],
            "severity": [
              {
                "author": "cna@vuldb.com",
                "id": "CVE-2024-5194",
                "trust": 1.0,
                "value": "Medium"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2024-5194",
                "trust": 1.0,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-5194"
          },
          {
            "db": "NVD",
            "id": "CVE-2024-5194"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A vulnerability was found in Arris VAP2500 08.50. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /assoc_table.php. The manipulation of the argument id leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-265831.",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-5194"
          }
        ],
        "trust": 1.0
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "VULDB",
            "id": "265831",
            "trust": 1.0
          },
          {
            "db": "NVD",
            "id": "CVE-2024-5194",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-5194"
          }
        ]
      },
      "id": "VAR-202405-1809",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.2125
      },
      "last_update_date": "2025-10-15T23:39:27.895000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-77",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-5194"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?id.265831"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?ctiid.265831"
          },
          {
            "trust": 1.0,
            "url": "https://vuldb.com/?submit.335252"
          },
          {
            "trust": 1.0,
            "url": "https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/a%2b%26%5be4%3flp5%3fk9_%3d%5d/arris_vap2500-rce-assoc_table.php.pdf"
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2024-5194"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2024-5194"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2024-05-22T11:15:53.797000",
            "db": "NVD",
            "id": "CVE-2024-5194"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2025-10-14T19:30:12.340000",
            "db": "NVD",
            "id": "CVE-2024-5194"
          }
        ]
      }
    }

    VAR-201411-0386

    Vulnerability from variot - Updated: 2025-04-12 23:16

    The management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to obtain credentials by reading the configuration files. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of access to the management portal. The issue lies in the failure to restrict access to configuration files. An attacker can leverage this vulnerability to leak credentials which can then be chained to execute code with root privileges. The Arris VAP2500 is a wireless access device from Arris, USA. An information disclosure vulnerability exists in Arris VAP2500. There is a security vulnerability in the management portal in the ARRIS VAP2500 with firmware 08.41 and earlier

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "vap2500",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "arris",
            "version": "08.41"
          },
          {
            "_id": null,
            "model": "vap2500",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "arris group",
            "version": "fw08.41"
          },
          {
            "_id": null,
            "model": "vap2500",
            "scope": null,
            "trust": 0.7,
            "vendor": "arris",
            "version": null
          },
          {
            "_id": null,
            "model": "vap2500",
            "scope": null,
            "trust": 0.6,
            "vendor": "arris group",
            "version": null
          },
          {
            "_id": null,
            "model": "vap2500",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "arris",
            "version": "08.41"
          },
          {
            "_id": null,
            "model": "vap2500",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arris",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-14-387"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-08532"
          },
          {
            "db": "BID",
            "id": "71295"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005685"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-516"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-8425"
          }
        ]
      },
      "configurations": {
        "_id": null,
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:arris:vap2500_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005685"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Ricky \"HeadlessZeke\" Lawshae",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-14-387"
          },
          {
            "db": "BID",
            "id": "71295"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-516"
          }
        ],
        "trust": 1.6
      },
      "cve": "CVE-2014-8425",
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2014-8425",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 2.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2014-08532",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-76370",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-8425",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2014-8425",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2014-8425",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2014-08532",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201411-516",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-76370",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2014-8425",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-14-387"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-08532"
          },
          {
            "db": "VULHUB",
            "id": "VHN-76370"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-8425"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005685"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-516"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-8425"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "The management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to obtain credentials by reading the configuration files. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of access to the management portal.  The issue lies in the failure to restrict access to configuration files.  An attacker can leverage this vulnerability to leak credentials which can then be chained to execute code with root privileges. The Arris VAP2500 is a wireless access device from Arris, USA. An information disclosure vulnerability exists in Arris VAP2500. There is a security vulnerability in the management portal in the ARRIS VAP2500 with firmware 08.41 and earlier",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-8425"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005685"
          },
          {
            "db": "ZDI",
            "id": "ZDI-14-387"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-08532"
          },
          {
            "db": "BID",
            "id": "71295"
          },
          {
            "db": "VULHUB",
            "id": "VHN-76370"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-8425"
          }
        ],
        "trust": 3.24
      },
      "exploit_availability": {
        "_id": null,
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-76370",
            "trust": 0.1,
            "type": "unknown"
          },
          {
            "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=35372",
            "trust": 0.1,
            "type": "exploit"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-76370"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-8425"
          }
        ]
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-8425",
            "trust": 4.2
          },
          {
            "db": "ZDI",
            "id": "ZDI-14-387",
            "trust": 3.6
          },
          {
            "db": "BID",
            "id": "71295",
            "trust": 1.7
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005685",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-2135",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-516",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-08532",
            "trust": 0.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "35372",
            "trust": 0.2
          },
          {
            "db": "VULHUB",
            "id": "VHN-76370",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-8425",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-14-387"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-08532"
          },
          {
            "db": "VULHUB",
            "id": "VHN-76370"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-8425"
          },
          {
            "db": "BID",
            "id": "71295"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005685"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-516"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-8425"
          }
        ]
      },
      "id": "VAR-201411-0386",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-08532"
          },
          {
            "db": "VULHUB",
            "id": "VHN-76370"
          }
        ],
        "trust": 0.9125
      },
      "iot_taxonomy": {
        "_id": null,
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-08532"
          }
        ]
      },
      "last_update_date": "2025-04-12T23:16:58.818000Z",
      "patch": {
        "_id": null,
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.arrisi.com/products/product.asp?id=5017"
          },
          {
            "title": "Patch for Arris VAP2500 Remote Information Disclosure Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/52254"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-08532"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005685"
          }
        ]
      },
      "problemtype_data": {
        "_id": null,
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-76370"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005685"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-8425"
          }
        ]
      },
      "references": {
        "_id": null,
        "data": [
          {
            "trust": 2.9,
            "url": "http://www.zerodayinitiative.com/advisories/zdi-14-387/"
          },
          {
            "trust": 1.3,
            "url": "http://www.securityfocus.com/bid/71295"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8425"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8425"
          },
          {
            "trust": 0.3,
            "url": "http://www.arrisi.com/products/product.asp?id=5017"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/200.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.exploit-db.com/exploits/35372/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-08532"
          },
          {
            "db": "VULHUB",
            "id": "VHN-76370"
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-8425"
          },
          {
            "db": "BID",
            "id": "71295"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005685"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-516"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-8425"
          }
        ]
      },
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-14-387",
            "ident": null
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-08532",
            "ident": null
          },
          {
            "db": "VULHUB",
            "id": "VHN-76370",
            "ident": null
          },
          {
            "db": "VULMON",
            "id": "CVE-2014-8425",
            "ident": null
          },
          {
            "db": "BID",
            "id": "71295",
            "ident": null
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005685",
            "ident": null
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-516",
            "ident": null
          },
          {
            "db": "NVD",
            "id": "CVE-2014-8425",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2014-11-25T00:00:00",
            "db": "ZDI",
            "id": "ZDI-14-387",
            "ident": null
          },
          {
            "date": "2014-11-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-08532",
            "ident": null
          },
          {
            "date": "2014-11-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-76370",
            "ident": null
          },
          {
            "date": "2014-11-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2014-8425",
            "ident": null
          },
          {
            "date": "2014-11-25T00:00:00",
            "db": "BID",
            "id": "71295",
            "ident": null
          },
          {
            "date": "2014-12-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-005685",
            "ident": null
          },
          {
            "date": "2014-11-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201411-516",
            "ident": null
          },
          {
            "date": "2014-11-28T15:59:05.323000",
            "db": "NVD",
            "id": "CVE-2014-8425",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2014-11-25T00:00:00",
            "db": "ZDI",
            "id": "ZDI-14-387",
            "ident": null
          },
          {
            "date": "2014-11-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-08532",
            "ident": null
          },
          {
            "date": "2014-11-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-76370",
            "ident": null
          },
          {
            "date": "2014-11-28T00:00:00",
            "db": "VULMON",
            "id": "CVE-2014-8425",
            "ident": null
          },
          {
            "date": "2014-11-25T00:00:00",
            "db": "BID",
            "id": "71295",
            "ident": null
          },
          {
            "date": "2014-12-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-005685",
            "ident": null
          },
          {
            "date": "2014-12-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201411-516",
            "ident": null
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2014-8425",
            "ident": null
          }
        ]
      },
      "threat_type": {
        "_id": null,
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-516"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "_id": null,
        "data": "Arris VAP2500 Remote Information Disclosure Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-08532"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-516"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "_id": null,
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-516"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201411-0384

    Vulnerability from variot - Updated: 2025-04-12 23:16

    Unspecified vulnerability in the management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to execute arbitrary commands via unknown vectors. Supplementary information : CWE Vulnerability type by CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ( injection ) Has been identified. http://cwe.mitre.org/data/definitions/74.htmlAn arbitrary command may be executed by a third party. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of access to the management portal. The issue lies in the ability to execute arbitrary commands without any sanitization. An attacker can leverage this vulnerability to execute code with root privileges. The Arris VAP2500 is a wireless access device from Arris, USA

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201411-0384",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "vap2500",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "arris",
            "version": "08.41"
          },
          {
            "model": "vap2500",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "arris group",
            "version": "fw08.41"
          },
          {
            "model": "vap2500",
            "scope": null,
            "trust": 0.7,
            "vendor": "arris",
            "version": null
          },
          {
            "model": "vap2500",
            "scope": null,
            "trust": 0.6,
            "vendor": "arris group",
            "version": null
          },
          {
            "model": "vap2500",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "arris",
            "version": "08.41"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-14-389"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-08576"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005687"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-518"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-8423"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:arris:vap2500_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005687"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ricky \"HeadlessZeke\" Lawshae",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-14-389"
          },
          {
            "db": "BID",
            "id": "71299"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-518"
          }
        ],
        "trust": 1.6
      },
      "cve": "CVE-2014-8423",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2014-8423",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 2.5,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2014-08576",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-76368",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-8423",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2014-8423",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2014-8423",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2014-08576",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201411-518",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-76368",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-14-389"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-08576"
          },
          {
            "db": "VULHUB",
            "id": "VHN-76368"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005687"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-518"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-8423"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Unspecified vulnerability in the management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to execute arbitrary commands via unknown vectors. Supplementary information : CWE Vulnerability type by CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ( injection ) Has been identified. http://cwe.mitre.org/data/definitions/74.htmlAn arbitrary command may be executed by a third party. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of access to the management portal.  The issue lies in the ability to execute arbitrary commands without any sanitization.  An attacker can leverage this vulnerability to execute code with root privileges. The Arris VAP2500 is a wireless access device from Arris, USA",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-8423"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005687"
          },
          {
            "db": "ZDI",
            "id": "ZDI-14-389"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-08576"
          },
          {
            "db": "BID",
            "id": "71299"
          },
          {
            "db": "VULHUB",
            "id": "VHN-76368"
          }
        ],
        "trust": 3.15
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-76368",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-76368"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-8423",
            "trust": 4.1
          },
          {
            "db": "ZDI",
            "id": "ZDI-14-389",
            "trust": 3.2
          },
          {
            "db": "BID",
            "id": "71299",
            "trust": 1.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005687",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-2137",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-518",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-08576",
            "trust": 0.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "35372",
            "trust": 0.1
          },
          {
            "db": "PACKETSTORM",
            "id": "130064",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-76368",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-14-389"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-08576"
          },
          {
            "db": "VULHUB",
            "id": "VHN-76368"
          },
          {
            "db": "BID",
            "id": "71299"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005687"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-518"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-8423"
          }
        ]
      },
      "id": "VAR-201411-0384",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-08576"
          },
          {
            "db": "VULHUB",
            "id": "VHN-76368"
          }
        ],
        "trust": 0.9125
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-08576"
          }
        ]
      },
      "last_update_date": "2025-04-12T23:16:58.779000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.arrisi.com/products/product.asp?id=5017"
          },
          {
            "title": "Patch for Arris VAP2500 Remote Code Execution Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/52267"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-08576"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005687"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-74",
            "trust": 1.1
          },
          {
            "problemtype": "CWE-Other",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-76368"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005687"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-8423"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "http://www.zerodayinitiative.com/advisories/zdi-14-389/"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8423"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8423"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/71299/info"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/bid/71299"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-08576"
          },
          {
            "db": "VULHUB",
            "id": "VHN-76368"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005687"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-518"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-8423"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-14-389"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-08576"
          },
          {
            "db": "VULHUB",
            "id": "VHN-76368"
          },
          {
            "db": "BID",
            "id": "71299"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005687"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-518"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-8423"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-11-25T00:00:00",
            "db": "ZDI",
            "id": "ZDI-14-389"
          },
          {
            "date": "2014-11-28T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-08576"
          },
          {
            "date": "2014-11-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-76368"
          },
          {
            "date": "2014-11-25T00:00:00",
            "db": "BID",
            "id": "71299"
          },
          {
            "date": "2014-12-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-005687"
          },
          {
            "date": "2014-11-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201411-518"
          },
          {
            "date": "2014-11-28T15:59:03.150000",
            "db": "NVD",
            "id": "CVE-2014-8423"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-11-25T00:00:00",
            "db": "ZDI",
            "id": "ZDI-14-389"
          },
          {
            "date": "2014-11-28T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-08576"
          },
          {
            "date": "2014-11-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-76368"
          },
          {
            "date": "2014-12-03T00:55:00",
            "db": "BID",
            "id": "71299"
          },
          {
            "date": "2014-12-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-005687"
          },
          {
            "date": "2014-12-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201411-518"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2014-8423"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-518"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ARRIS VAP2500 Management portal execution arbitrary command vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005687"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "code injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-518"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201411-0385

    Vulnerability from variot - Updated: 2025-04-12 23:16

    ARRIS VAP2500 before FW08.41 does not properly validate passwords, which allows remote attackers to bypass authentication. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of user authentication. The issue lies in the failure to compare the password when authenticating. An attacker can leverage this vulnerability to bypass authentication checks which can then be chained to execute code with root privileges. The Arris VAP2500 is a wireless access device from Arris, USA. Arris VAP2500 is prone to an authentication-bypass vulnerability

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201411-0385",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "vap2500",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "arris",
            "version": "08.41"
          },
          {
            "model": "vap2500",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "arris group",
            "version": "fw08.41"
          },
          {
            "model": "vap2500",
            "scope": null,
            "trust": 0.7,
            "vendor": "arris",
            "version": null
          },
          {
            "model": "vap2500",
            "scope": null,
            "trust": 0.6,
            "vendor": "arris group",
            "version": null
          },
          {
            "model": "vap2500",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "arris",
            "version": "08.41"
          },
          {
            "model": "vap2500",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "arris",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-14-388"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-08575"
          },
          {
            "db": "BID",
            "id": "71297"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005686"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-517"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-8424"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:arris:vap2500_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005686"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ricky \"HeadlessZeke\" Lawshae",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-14-388"
          },
          {
            "db": "BID",
            "id": "71297"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-517"
          }
        ],
        "trust": 1.6
      },
      "cve": "CVE-2014-8424",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2014-8424",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 2.5,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2014-08575",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 7.8,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-76369",
                "impactScore": 6.9,
                "integrityImpact": "NONE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2014-8424",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2014-8424",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "ZDI",
                "id": "CVE-2014-8424",
                "trust": 0.7,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2014-08575",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201411-517",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-76369",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-14-388"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-08575"
          },
          {
            "db": "VULHUB",
            "id": "VHN-76369"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005686"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-517"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-8424"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ARRIS VAP2500 before FW08.41 does not properly validate passwords, which allows remote attackers to bypass authentication. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of user authentication.  The issue lies in the failure to compare the password when authenticating.  An attacker can leverage this vulnerability to bypass authentication checks which can then be chained to execute code with root privileges. The Arris VAP2500 is a wireless access device from Arris, USA. Arris VAP2500 is prone to an authentication-bypass vulnerability",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-8424"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005686"
          },
          {
            "db": "ZDI",
            "id": "ZDI-14-388"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-08575"
          },
          {
            "db": "BID",
            "id": "71297"
          },
          {
            "db": "VULHUB",
            "id": "VHN-76369"
          }
        ],
        "trust": 3.15
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-76369",
            "trust": 0.1,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-76369"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-8424",
            "trust": 4.1
          },
          {
            "db": "ZDI",
            "id": "ZDI-14-388",
            "trust": 3.5
          },
          {
            "db": "BID",
            "id": "71297",
            "trust": 1.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005686",
            "trust": 0.8
          },
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-2136",
            "trust": 0.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-517",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-08575",
            "trust": 0.6
          },
          {
            "db": "EXPLOIT-DB",
            "id": "35372",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-76369",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-14-388"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-08575"
          },
          {
            "db": "VULHUB",
            "id": "VHN-76369"
          },
          {
            "db": "BID",
            "id": "71297"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005686"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-517"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-8424"
          }
        ]
      },
      "id": "VAR-201411-0385",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-08575"
          },
          {
            "db": "VULHUB",
            "id": "VHN-76369"
          }
        ],
        "trust": 0.9125
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-08575"
          }
        ]
      },
      "last_update_date": "2025-04-12T23:16:58.738000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.arrisi.com/products/product.asp?id=5017"
          },
          {
            "title": "Arris VAP2500 authentication bypass vulnerability patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/52266"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-08575"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005686"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-287",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-76369"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005686"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-8424"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "http://www.zerodayinitiative.com/advisories/zdi-14-388/"
          },
          {
            "trust": 1.2,
            "url": "http://www.securityfocus.com/bid/71297"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8424"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8424"
          },
          {
            "trust": 0.3,
            "url": "http://www.arrisi.com/products/product.asp?id=5017"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-08575"
          },
          {
            "db": "VULHUB",
            "id": "VHN-76369"
          },
          {
            "db": "BID",
            "id": "71297"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005686"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-517"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-8424"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-14-388"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-08575"
          },
          {
            "db": "VULHUB",
            "id": "VHN-76369"
          },
          {
            "db": "BID",
            "id": "71297"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005686"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-517"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-8424"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-11-25T00:00:00",
            "db": "ZDI",
            "id": "ZDI-14-388"
          },
          {
            "date": "2014-11-28T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-08575"
          },
          {
            "date": "2014-11-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-76369"
          },
          {
            "date": "2014-11-25T00:00:00",
            "db": "BID",
            "id": "71297"
          },
          {
            "date": "2014-12-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-005686"
          },
          {
            "date": "2014-11-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201411-517"
          },
          {
            "date": "2014-11-28T15:59:04.433000",
            "db": "NVD",
            "id": "CVE-2014-8424"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-11-25T00:00:00",
            "db": "ZDI",
            "id": "ZDI-14-388"
          },
          {
            "date": "2014-11-28T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-08575"
          },
          {
            "date": "2014-11-28T00:00:00",
            "db": "VULHUB",
            "id": "VHN-76369"
          },
          {
            "date": "2014-11-25T00:00:00",
            "db": "BID",
            "id": "71297"
          },
          {
            "date": "2014-12-01T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-005686"
          },
          {
            "date": "2014-12-02T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201411-517"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2014-8424"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-517"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ARRIS VAP2500 Vulnerabilities that bypass authentication",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-005686"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201411-517"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201706-1188

    Vulnerability from variot - Updated: 2022-05-17 02:10

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ARRIS VAP2500. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of the macaddr parameter provided to the list_mac_address.php management portal page. The issue lies in the failure to properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of root.

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201706-1188",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "vap2500",
            "scope": null,
            "trust": 0.7,
            "vendor": "arris",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-693"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ricky \"HeadlessZeke\" Lawshae",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-693"
          }
        ],
        "trust": 0.7
      },
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "ZDI-16-693",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "ZDI",
                "id": "ZDI-16-693",
                "trust": 0.7,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-693"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ARRIS VAP2500. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of the macaddr parameter provided to the list_mac_address.php management portal page. The issue lies in the failure to properly validate a user-supplied string before using it to execute a system call.  An attacker can leverage this vulnerability to execute code under the context of root.",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-693"
          }
        ],
        "trust": 0.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3870",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-693",
            "trust": 0.7
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-693"
          }
        ]
      },
      "id": "VAR-201706-1188",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.2125
      },
      "last_update_date": "2022-05-17T02:10:31.290000Z",
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-16-693"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-06-26T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-693"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-06-26T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-693"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ARRIS VAP2500 list_mac_address macaddr Command Injection Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-693"
          }
        ],
        "trust": 0.7
      }
    }

    VAR-201706-1186

    Vulnerability from variot - Updated: 2022-05-17 02:07

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ARRIS VAP2500. Authentication is not required to exploit this vulnerability.The specific flaw exists within the authentication validation mechanism of the used in the list_mac_address.php management portal page. The issue lies in the failure to stop processing the page after an unsuccessful attempt to validate authentication. An attacker can leverage this vulnerability to execute code under the context of root.

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201706-1186",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "vap2500",
            "scope": null,
            "trust": 0.7,
            "vendor": "arris",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-696"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ricky \"HeadlessZeke\" Lawshae",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-696"
          }
        ],
        "trust": 0.7
      },
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "ZDI-16-696",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "ZDI",
                "id": "ZDI-16-696",
                "trust": 0.7,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-696"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ARRIS VAP2500. Authentication is not required to exploit this vulnerability.The specific flaw exists within the authentication validation mechanism of the used in the list_mac_address.php management portal page. The issue lies in the failure to stop processing the page after an unsuccessful attempt to validate authentication. An attacker can leverage this vulnerability to execute code under the context of root.",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-696"
          }
        ],
        "trust": 0.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3873",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-696",
            "trust": 0.7
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-696"
          }
        ]
      },
      "id": "VAR-201706-1186",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.2125
      },
      "last_update_date": "2022-05-17T02:07:05.882000Z",
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-16-696"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-06-26T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-696"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-06-26T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-696"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ARRIS VAP2500 list_mac_address Authentication Bypass Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-696"
          }
        ],
        "trust": 0.7
      }
    }

    VAR-201706-1195

    Vulnerability from variot - Updated: 2022-05-17 02:05

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ARRIS VAP2500. Authentication is not required to exploit this vulnerability.The specific flaw exists within the firmware and filesystem of the ARRIS VAP2500. The firmware and filesystem contain hard-coded default credentials in clear text. An attacker can leverage this vulnerability to execute code under the context of root.

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "vap2500",
            "scope": null,
            "trust": 0.7,
            "vendor": "arris",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-695"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Ricky \"HeadlessZeke\" Lawshae",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-695"
          }
        ],
        "trust": 0.7
      },
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "ZDI-16-695",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "ZDI",
                "id": "ZDI-16-695",
                "trust": 0.7,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-695"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ARRIS VAP2500. Authentication is not required to exploit this vulnerability.The specific flaw exists within the firmware and filesystem of the ARRIS VAP2500. The firmware and filesystem contain hard-coded default credentials in clear text. An attacker can leverage this vulnerability to execute code under the context of root.",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-695"
          }
        ],
        "trust": 0.7
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3872",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-695",
            "trust": 0.7
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-695"
          }
        ]
      },
      "id": "VAR-201706-1195",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.2125
      },
      "last_update_date": "2022-05-17T02:05:50.629000Z",
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-16-695",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2017-06-26T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-695",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2017-06-26T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-695",
            "ident": null
          }
        ]
      },
      "title": {
        "_id": null,
        "data": "ARRIS VAP2500 Default Credentials Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-695"
          }
        ],
        "trust": 0.7
      }
    }

    VAR-201706-1191

    Vulnerability from variot - Updated: 2022-05-17 02:03

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ARRIS VAP2500. Authentication is required to exploit this vulnerability.The specific flaw exists within the handling of the parameters provided to the tools_command.php management portal page. The issue lies in the failure to properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of root.

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "vap2500",
            "scope": null,
            "trust": 0.7,
            "vendor": "arris",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-692"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Ricky \"HeadlessZeke\" Lawshae",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-692"
          }
        ],
        "trust": 0.7
      },
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "ZDI",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "ZDI-16-692",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "ZDI",
                "id": "ZDI-16-692",
                "trust": 0.7,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-692"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ARRIS VAP2500. Authentication is required to exploit this vulnerability.The specific flaw exists within the handling of the parameters provided to the tools_command.php management portal page. The issue lies in the failure to properly validate a user-supplied string before using it to execute a system call.  An attacker can leverage this vulnerability to execute code under the context of root.",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-692"
          }
        ],
        "trust": 0.7
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3869",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-692",
            "trust": 0.7
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-692"
          }
        ]
      },
      "id": "VAR-201706-1191",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.2125
      },
      "last_update_date": "2022-05-17T02:03:17.270000Z",
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-16-692",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2017-06-26T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-692",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2017-06-26T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-692",
            "ident": null
          }
        ]
      },
      "title": {
        "_id": null,
        "data": "ARRIS VAP2500 tools_command Command Injection Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-692"
          }
        ],
        "trust": 0.7
      }
    }

    VAR-201706-1185

    Vulnerability from variot - Updated: 2022-05-17 01:50

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ARRIS VAP2500. Authentication is required to exploit this vulnerability.The specific flaw exists within the handling of the various txt_mac parameters provided to the config_wds.php management portal page. The issue lies in the failure to properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of root.

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201706-1185",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "vap2500",
            "scope": null,
            "trust": 0.7,
            "vendor": "arris",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-690"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ricky \"HeadlessZeke\" Lawshae",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-690"
          }
        ],
        "trust": 0.7
      },
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "ZDI",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "ZDI-16-690",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "ZDI",
                "id": "ZDI-16-690",
                "trust": 0.7,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-690"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ARRIS VAP2500. Authentication is required to exploit this vulnerability.The specific flaw exists within the handling of the various txt_mac parameters provided to the config_wds.php management portal page. The issue lies in the failure to properly validate a user-supplied string before using it to execute a system call.  An attacker can leverage this vulnerability to execute code under the context of root.",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-690"
          }
        ],
        "trust": 0.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3867",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-690",
            "trust": 0.7
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-690"
          }
        ]
      },
      "id": "VAR-201706-1185",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.2125
      },
      "last_update_date": "2022-05-17T01:50:56.981000Z",
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-16-690"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-06-26T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-690"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-06-26T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-690"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ARRIS VAP2500 assoc_table Command Injection Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-690"
          }
        ],
        "trust": 0.7
      }
    }

    VAR-201706-1193

    Vulnerability from variot - Updated: 2022-05-17 01:47

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ARRIS VAP2500. Authentication is required to exploit this vulnerability.The specific flaw exists within the handling of the various txt_mac parameters provided to the config_wds.php management portal page. The issue lies in the failure to properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of root.

    Show details on source website

    {
      "affected_products": {
        "_id": null,
        "data": [
          {
            "_id": null,
            "model": "vap2500",
            "scope": null,
            "trust": 0.7,
            "vendor": "arris",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-691"
          }
        ]
      },
      "credits": {
        "_id": null,
        "data": "Ricky \"HeadlessZeke\" Lawshae",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-691"
          }
        ],
        "trust": 0.7
      },
      "cvss": {
        "_id": null,
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "ZDI",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "ZDI-16-691",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "ZDI",
                "id": "ZDI-16-691",
                "trust": 0.7,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-691"
          }
        ]
      },
      "description": {
        "_id": null,
        "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ARRIS VAP2500. Authentication is required to exploit this vulnerability.The specific flaw exists within the handling of the various txt_mac parameters provided to the config_wds.php management portal page. The issue lies in the failure to properly validate a user-supplied string before using it to execute a system call.  An attacker can leverage this vulnerability to execute code under the context of root.",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-691"
          }
        ],
        "trust": 0.7
      },
      "external_ids": {
        "_id": null,
        "data": [
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3868",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-691",
            "trust": 0.7
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-691"
          }
        ]
      },
      "id": "VAR-201706-1193",
      "iot": {
        "_id": null,
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.2125
      },
      "last_update_date": "2022-05-17T01:47:54.019000Z",
      "sources": {
        "_id": null,
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-16-691",
            "ident": null
          }
        ]
      },
      "sources_release_date": {
        "_id": null,
        "data": [
          {
            "date": "2017-06-26T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-691",
            "ident": null
          }
        ]
      },
      "sources_update_date": {
        "_id": null,
        "data": [
          {
            "date": "2017-06-26T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-691",
            "ident": null
          }
        ]
      },
      "title": {
        "_id": null,
        "data": "ARRIS VAP2500 config_wds Command Injection Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-691"
          }
        ],
        "trust": 0.7
      }
    }

    VAR-201706-1190

    Vulnerability from variot - Updated: 2022-05-17 01:36

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ARRIS VAP2500. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of the cmb_macaddrfilter parameter provided to the list_mac_address.php management portal page. The issue lies in the failure to properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of root.

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201706-1190",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "vap2500",
            "scope": null,
            "trust": 0.7,
            "vendor": "arris",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-694"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Ricky \"HeadlessZeke\" Lawshae",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-694"
          }
        ],
        "trust": 0.7
      },
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "ZDI",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "ZDI-16-694",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "HIGH",
                "trust": 0.7,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "ZDI",
                "id": "ZDI-16-694",
                "trust": 0.7,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-694"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ARRIS VAP2500. Authentication is not required to exploit this vulnerability.The specific flaw exists within the handling of the cmb_macaddrfilter parameter provided to the list_mac_address.php management portal page. The issue lies in the failure to properly validate a user-supplied string before using it to execute a system call.  An attacker can leverage this vulnerability to execute code under the context of root.",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-694"
          }
        ],
        "trust": 0.7
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "ZDI_CAN",
            "id": "ZDI-CAN-3871",
            "trust": 0.7
          },
          {
            "db": "ZDI",
            "id": "ZDI-16-694",
            "trust": 0.7
          }
        ],
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-694"
          }
        ]
      },
      "id": "VAR-201706-1190",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VARIoT devices database",
            "id": null
          }
        ],
        "trust": 0.2125
      },
      "last_update_date": "2022-05-17T01:36:26.166000Z",
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "ZDI",
            "id": "ZDI-16-694"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-06-26T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-694"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-06-26T00:00:00",
            "db": "ZDI",
            "id": "ZDI-16-694"
          }
        ]
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ARRIS VAP2500 list_mac_address cmb_macaddrfilter Command Injection Remote Code Execution Vulnerability",
        "sources": [
          {
            "db": "ZDI",
            "id": "ZDI-16-694"
          }
        ],
        "trust": 0.7
      }
    }