PT-2022-18168 · Arris · Sbr-Ac1900P+2

Published: 2022-03-15 · Updated: 2023-08-08 · CVE-2022-26992

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Arris routers SBR-AC1900P version 1.0.7-B05
Arris routers SBR-AC3200P version 1.0.7-B05
Arris routers SBR-AC1200P version 1.0.5-B05

Description

A command injection issue was discovered in the ddns function of the affected Arris routers. This issue allows attackers to execute arbitrary commands via a crafted request, specifically by manipulating the DdnsUserName, DdnsHostName, and DdnsPassword parameters.

Recommendations

For Arris routers SBR-AC1900P version 1.0.7-B05, consider disabling the ddns function until a patch is available.
For Arris routers SBR-AC3200P version 1.0.7-B05, consider disabling the ddns function until a patch is available.
For Arris routers SBR-AC1200P version 1.0.5-B05, consider disabling the ddns function until a patch is available.

As a temporary workaround, avoid using the DdnsUserName, DdnsHostName, and DdnsPassword parameters in the affected ddns function to minimize the risk of exploitation.

Exploit

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2022-26992

Affected Products

Sbr-Ac1200P
Sbr-Ac1900P
Sbr-Ac3200P