Newly Identified Vulnerability Makes EOL Arris Routers Vulnerable to Attack

A remote code execution vulnerability affecting a number of Arris routers has been reported by Malwarebytes, and proof-of-concept (PoC) exploit code has been made available.

Tracked as CVE-2022-45701, the flaw is a shell command injection: the router firmware does not correctly neutralize special characters in requests, which allowed security researcher Yerodin Richards, who discovered it, to inject shell commands. The affected models are unlikely to receive patches because they have reached end-of-life (EOL) and are no longer supported by CommScope, the business that acquired Arris.

The security flaw affects the G2482A, TG2492, and SBG10 routers running firmware version 9.1.103. These models are frequently found in Latin America and the Caribbean.
