GCVE - cpe:2.3:o:arris:vap2500_firmware:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:arris:vap2500_firmware:*:*:*:*:*:*:*:*

part: o version: * update: *

Vendor	Arris (`290db500-1f7c-5464-99cb-40c6b5ca6750`)
Product	Vap2500 Firmware (`777913d5-57bd-5cc0-bfe2-f89812dbf288`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-5196`	vulnerable	2026-06-03 14:57:52.025763	Arris VAP2500 tools_command.php command injection MEDIUM (4.7) A vulnerability classified as critical has been found in Arris VAP2500 08.50. This affects an unknown part of the file /tools_command.php. The manipulation of the argument cmb_header/txt_command leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265833 was assigned to this vulnerability. Published: 2024-05-22T12:00:05.533Z Updated: 2024-08-01T21:03:11.134Z Open on db.gcve.eu Reference links https://vuldb.com/?id.265833 https://vuldb.com/?ctiid.265833 https://vuldb.com/?submit.335254 https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/a%2B%26%5BE4%3Flp5%3Fk9_%3D%5D/ARRIS_VAP2500-RCE-tools_command.php.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-5194`	vulnerable	2026-06-03 14:57:52.018988	Arris VAP2500 assoc_table.php command injection MEDIUM (4.7) A vulnerability was found in Arris VAP2500 08.50. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /assoc_table.php. The manipulation of the argument id leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-265831. Published: 2024-05-22T11:00:05.367Z Updated: 2024-08-01T21:03:11.059Z Open on db.gcve.eu Reference links https://vuldb.com/?id.265831 https://vuldb.com/?ctiid.265831 https://vuldb.com/?submit.335252 https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/a%2B%26%5BE4%3Flp5%3Fk9_%3D%5D/ARRIS_VAP2500-RCE-assoc_table.php.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-8425`	vulnerable	2026-06-03 14:34:23.926928	Details available The management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to obtain credentials by reading the configuration files. Published: 2014-11-28T15:00:00.000Z Updated: 2024-08-06T13:18:48.310Z Open on db.gcve.eu Reference links http://www.zerodayinitiative.com/advisories/ZDI-14-387/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-8424`	vulnerable	2026-06-03 14:34:23.926651	Details available ARRIS VAP2500 before FW08.41 does not properly validate passwords, which allows remote attackers to bypass authentication. Published: 2014-11-28T15:00:00.000Z Updated: 2024-08-06T13:18:47.977Z Open on db.gcve.eu Reference links http://www.zerodayinitiative.com/advisories/ZDI-14-388/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-8423`	vulnerable	2026-06-03 14:34:23.926289	Details available Unspecified vulnerability in the management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to execute arbitrary commands via unknown vectors. Published: 2014-11-28T15:00:00.000Z Updated: 2024-08-06T13:18:48.318Z Open on db.gcve.eu Reference links http://www.zerodayinitiative.com/advisories/ZDI-14-389/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.