CVE-2024-5195

CVE Database · CVE-2024-5195

CVE-2024-5195

· MEDIUMAnalyzed

CVSS v3.1

4.7

CVSS v4.0

5.1

EPSS

4.16%

Published

May 22, 2024

Modified

Oct 14, 2025

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability was found in Arris VAP2500 08.50. It has been rated as critical. Affected by this issue is some unknown functionality of the file /diag_s.php. The manipulation of the argument customer_info leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-265832.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Weaknesses (CWE)

CWE-77

Affected Products (2)

arris · vap2500_firmwarevulnerable

arris · vap2500

References (8)

https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/a%2B%26%5BE4%3Flp5%3Fk9_%3D%5D/ARRIS_VAP2500-RCE-diag_s.php.pdf

Broken Link

https://vuldb.com/?ctiid.265832

Permissions RequiredVDB Entry