Vulnerability Details CVE-2022-26992
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the ddns function via the DdnsUserName, DdnsHostName, and DdnsPassword parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.6%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
Products affected by CVE-2022-26992
-
cpe:2.3:h:arris:sbr-ac1200p:-
-
cpe:2.3:h:arris:sbr-ac1900p:-
-
cpe:2.3:h:arris:sbr-ac3200p:-
-
cpe:2.3:o:arris:sbr-ac1200p_firmware:1.0.5-b05
-
cpe:2.3:o:arris:sbr-ac1900p_firmware:1.0.7-b05
-
cpe:2.3:o:arris:sbr-ac3200p_firmware:1.0.7-b05