CVE-2024-23618

CVE Database · CVE-2024-23618

CVE-2024-23618

· CRITICALModified

CVSS v3.1

9.6

EPSS

1.21%

Published

Jan 25, 2024

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An arbitrary code execution vulnerability exists in Arris SURFboard SGB6950AC2 devices. An unauthenticated attacker can exploit this vulnerability to achieve code execution as root.

CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Weaknesses (CWE)

CWE-306CWE-306

Affected Products (2)

commscope · arris_surfboard_sbg6950ac2_firmwarevulnerable

commscope · arris_surfboard_sbg6950ac2

References (2)

https://blog.exodusintel.com/2024/01/25/arris-surfboard-sbg6950ac2-arbitrary-command-execution-vulnerability/

Third Party Advisory

https://blog.exodusintel.com/2024/01/25/arris-surfboard-sbg6950ac2-arbitrary-command-execution-vulnerability/

Third Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs