CVE Tools

arris

Networking Infrastructurecommercial

17

Cumulative CVEs

6

Monthly snapshots

#31

Peak rank

Top products

sbr-ac1200p firmware5 sbr-ac1900p firmware5 sbr-ac3200p firmware5

Latest CVEs

The 15 most recently published vulnerabilities affecting arris.

CVE-2025-49164Arris VIP1113 devices through 2025-05-30 with KreaTV SDK have a firmware decryption key of cd1c2d78f2cba1f73ca7e697b4a485f49a8a7d0c8b0fdc9f51ced50f2530668a.4.3Jun 2, 2025
CVE-2025-49163Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow booting an arbitrary image via a crafted /usr/bin/gunzip file.6.7Jun 2, 2025
CVE-2025-49162Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow file overwrite via TFTP because a remote filename with a space character allows an attacker to control the local filename.6.4Jun 2, 2025
CVE-2024-5196Arris VAP2500 tools_command.php command injection4.7May 22, 2024
CVE-2024-5195Arris VAP2500 diag_s.php command injection4.7May 22, 2024
CVE-2024-5194Arris VAP2500 assoc_table.php command injection4.7May 22, 2024
CVE-2024-23618Arris SURFboard SBG6950AC2 Arbitrary Code Execution Vulnerability9.6Jan 25, 2024
CVE-2023-40038Arris DG860A and DG1670A devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. (They use the first 6 characters of the SSID and the last 6 characters of the BSSI...8.8Dec 27, 2023
CVE-2023-40039An issue was discovered on ARRIS TG852G, TG862G, and TG1672G devices. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame.9.8Sep 11, 2023
CVE-2022-45028A cross-site scripting (XSS) vulnerability in Arris NVG443B 9.3.0h3d36 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request sent to /cgi-bin/logs.ha.6.1Dec 13, 2022
CVE-2022-31793do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs be...7.5Aug 4, 2022
CVE-2022-26994Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the pptp function via the pptpUserName and pptpP...9.8Mar 15, 2022
CVE-2022-26993Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the pppoe function via the pppoeUserName, pppoeP...9.8Mar 15, 2022
CVE-2022-26992Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the ddns function via the DdnsUserName, DdnsHost...9.8Mar 15, 2022
CVE-2022-26991Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the ntp function via the TimeZone parameter. Thi...9.8Mar 15, 2022