CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-26990

Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the firewall-local log function via the EmailAddress, SmtpServerName, SmtpUsername, and SmtpPassword parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.099

EPSS Ranking 92.6%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 7.5

References

Products affected by CVE-2022-26990

Arris » Sbr-Ac1200p » Version: N/A

cpe:2.3:h:arris:sbr-ac1200p:-
Arris » Sbr-Ac1900p » Version: N/A

cpe:2.3:h:arris:sbr-ac1900p:-
Arris » Sbr-Ac3200p » Version: N/A

cpe:2.3:h:arris:sbr-ac3200p:-
Arris » Sbr-Ac1200p Firmware » Version: 1.0.5-b05

cpe:2.3:o:arris:sbr-ac1200p_firmware:1.0.5-b05
Arris » Sbr-Ac1900p Firmware » Version: 1.0.7-b05

cpe:2.3:o:arris:sbr-ac1900p_firmware:1.0.7-b05
Arris » Sbr-Ac3200p Firmware » Version: 1.0.7-b05

cpe:2.3:o:arris:sbr-ac3200p_firmware:1.0.7-b05

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-26990

Products

Pricing

Contact Us