GCVE - cpe:2.3:o:arris:vap2500_firmware:08.50:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:arris:vap2500_firmware:08.50:*:*:*:*:*:*:*

part: o version: 08.50 update: *

Vendor	Arris (`290db500-1f7c-5464-99cb-40c6b5ca6750`)
Product	Vap2500 Firmware (`777913d5-57bd-5cc0-bfe2-f89812dbf288`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-5196`	vulnerable	2026-06-03 14:57:52.025831	Arris VAP2500 tools_command.php command injection MEDIUM (4.7) A vulnerability classified as critical has been found in Arris VAP2500 08.50. This affects an unknown part of the file /tools_command.php. The manipulation of the argument cmb_header/txt_command leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265833 was assigned to this vulnerability. Published: 2024-05-22T12:00:05.533Z Updated: 2024-08-01T21:03:11.134Z Open on db.gcve.eu Reference links https://vuldb.com/?id.265833 https://vuldb.com/?ctiid.265833 https://vuldb.com/?submit.335254 https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/a%2B%26%5BE4%3Flp5%3Fk9_%3D%5D/ARRIS_VAP2500-RCE-tools_command.php.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-5195`	vulnerable	2026-06-03 14:57:52.025025	Arris VAP2500 diag_s.php command injection MEDIUM (4.7) A vulnerability was found in Arris VAP2500 08.50. It has been rated as critical. Affected by this issue is some unknown functionality of the file /diag_s.php. The manipulation of the argument customer_info leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265832. Published: 2024-05-22T11:00:06.975Z Updated: 2024-08-01T21:03:11.096Z Open on db.gcve.eu Reference links https://vuldb.com/?id.265832 https://vuldb.com/?ctiid.265832 https://vuldb.com/?submit.335253 https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/a%2B%26%5BE4%3Flp5%3Fk9_%3D%5D/ARRIS_VAP2500-RCE-diag_s.php.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-5194`	vulnerable	2026-06-03 14:57:52.023264	Arris VAP2500 assoc_table.php command injection MEDIUM (4.7) A vulnerability was found in Arris VAP2500 08.50. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /assoc_table.php. The manipulation of the argument id leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-265831. Published: 2024-05-22T11:00:05.367Z Updated: 2024-08-01T21:03:11.059Z Open on db.gcve.eu Reference links https://vuldb.com/?id.265831 https://vuldb.com/?ctiid.265831 https://vuldb.com/?submit.335252 https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/a%2B%26%5BE4%3Flp5%3Fk9_%3D%5D/ARRIS_VAP2500-RCE-assoc_table.php.pdf	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.