Description
ARRIS VAP2500 before FW08.41 does not properly validate passwords, which allows remote attackers to bypass authentication.
Exploits (2)
metasploit
WORKING POC
NORMAL
by HeadlessZeke · rubypocunix
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/vap2500_tools_command_exec.rb
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-14-388/
Scores
EPSS
0.5354
EPSS Percentile
98.0%
Details
CWE
CWE-287
Status
published
Products (1)
arris/vap2500_firmware
< 08.41
Published
Nov 28, 2014
Tracked Since
Feb 18, 2026