CVE-2014-8423

Arris Vap2500 Firmware < 08.41 - Injection

Title source: rule

Description

Unspecified vulnerability in the management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to execute arbitrary commands via unknown vectors.

Exploits (2)

exploitdb WORKING POC

rubywebappshardware

https://www.exploit-db.com/exploits/35372

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by HeadlessZeke · rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/vap2500_tools_command_exec.rb

View Code ZIP pw:eip

References (1)

[Third Party Advisory] http://www.zerodayinitiative.com/advisories/ZDI-14-389/

Scores

EPSS 0.4169

EPSS Percentile 97.4%

Details

CWE

CWE-74

Status published

Products (1)

arris/vap2500_firmware < 08.41

Published Nov 28, 2014

Tracked Since Feb 18, 2026