CVE-2022-26993

Name of the Vulnerable Software and Affected Versions Arris routers SBR-AC1900P version 1.0.7-B05 Arris routers SBR-AC3200P version 1.0.7-B05 Arris routers SBR-AC1200P version 1.0.5-B05

Description A command injection issue was discovered in the pppoe function, allowing attackers to execute arbitrary commands via a crafted request. The vulnerability is exploited through the pppoeUserName, pppoePassword, and pppoe Service parameters.

Recommendations For Arris routers SBR-AC1900P version 1.0.7-B05, consider disabling the pppoe function until a patch is available. For Arris routers SBR-AC3200P version 1.0.7-B05, restrict access to the pppoe function to minimize the risk of exploitation. For Arris routers SBR-AC1200P version 1.0.5-B05, avoid using the pppoeUserName, pppoePassword, and pppoe Service parameters in the affected API endpoint until the issue is resolved.