GCVE - cpe:2.3:h:arraynetworks:ag1500v5:-:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:h:arraynetworks:ag1500v5:-:*:*:*:*:*:*:*

part: h version: - update: *

Vendor	Arraynetworks (`2e5a11b9-7ef9-58d7-8953-2d68023f44db`)
Product	Ag1500V5 (`31c09d27-fd7f-5ed1-afdb-3a1618a3e811`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-66644`	not_vulnerable	2026-06-03 15:11:01.056809	Details available HIGH (7.2) Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025. Published: 2025-12-05T00:00:00.000Z Updated: 2026-02-26T16:57:31.054Z Open on db.gcve.eu Reference links https://www.jpcert.or.jp/at/2025/at250024.html https://x.com/ArraySupport/status/1921373397533032590 https://www.bleepingcomputer.com/news/security/hackers-are-exploiting-arrayos-ag-vpn-flaw-to-plant-webshells/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-28461`	not_vulnerable	2026-06-03 14:51:09.391670	Details available Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09 vendor advisory stated "a new Array AG release with the fix will be available soon." Published: 2023-03-15T00:00:00.000Z Updated: 2025-10-21T23:15:23.174Z Open on db.gcve.eu Reference links https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_Remote_Code_Execution_Vulnerability_AG.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-24613`	not_vulnerable	2026-06-03 14:49:30.339960	Details available The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb tool to overwrite the backend function call stack after accessing the system with administrator privileges. A successful exploit could leverage this vulnerability in the backend binary file that handles the user interface to a cause denial of service attack. This is fixed in AG 9.4.0.481. Published: 2023-02-03T00:00:00.000Z Updated: 2025-03-26T14:55:05.017Z Open on db.gcve.eu Reference links https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_UI_Stack_Overflow_Vulnerability_ID-128285_V1.0.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-42897`	not_vulnerable	2026-06-03 14:48:13.208866	Details available Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected. Published: 2022-10-12T00:00:00.000Z Updated: 2025-05-15T17:55:18.203Z Open on db.gcve.eu Reference links https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_Remote_Injection_Vulnerability_in_Array_VPN_Product_ID-11961_%20V2.1.pdf https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/fieldnotices.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.