Vulnerabilities

Newly Disclosed Vulnerability Exposes EOL Arris Routers to Attacks

Malwarebytes warns of a remote code execution vulnerability impacting Arris G2482A, TG2492, and SBG10 routers, which have reached end-of-life (EOL).

Malwarebytes warns of a remote code execution vulnerability impacting Arris G2482A, TG2492, and SBG10 routers, which have reached end-of-life (EOL).

Malwarebytes warns of a remote code execution vulnerability impacting several Arris routers, for which proof-of-concept (PoC) exploit code has been released.

Tracked as CVE-2022-45701, the bug exists because the router firmware does not properly neutralize special characters in requests, which allowed security researcher Yerodin Richards to perform shell script command injection.

The impacted models have reached end-of-life (EOL) and are no longer supported by CommScope (the company that acquired Arris), meaning that they are unlikely to receive patches.

The security defect impacts G2482A, TG2492, and SBG10 routers running firmware version 9.1.103, which are commonly found in the Latin America and Caribbean region.

Although login credentials are required to exploit the vulnerability, users often leave default usernames and passwords on their devices, either because the process of changing or removing them is too complicated or because they are not explicitly told to modify them during the setup process.

Not only are these routers susceptible to attacks that rely on brute-forcing default credentials, but, because they do not secure credentials in transit using HTTPS, they are also prone to exposing them to attackers able to intercept traffic.

Advertisement. Scroll to continue reading.

To mitigate the risks, users are advised to secure their devices with strong passwords, albeit an experienced attacker able to eavesdrop on the unprotected traffic could intercept the password.

Changing the router firmware would be a better solution, but “providers are lax about pushing updates and there is no easy way for an end user to do this themselves,” Richards says.

According to the security researcher, users “could run the exploit to gain a root shell and try to patch it from there but this is by no means a simple solution”.

Related: Remote Code Execution Vulnerabilities Found in TP-Link, NetComm Routers

Related: InHand Industrial Router Vulnerabilities Expose Internal OT Networks to Attacks

Related: Cisco Warns of Critical Vulnerability in EoL Small Business Routers

Related Content

Government

Multiple state-sponsored APTs are compromising poorly secured devices across critical infrastructure sector networks.

Vulnerabilities

Tracked as CVE-2026-11405, the vulnerability allows unauthenticated attackers to access a device's web management interface.

Malware & Threats

The exploitation of the command injection vulnerability started one year after public disclosure and PoC exploit code publication.

Vulnerabilities

In-the-wild exploitation has been ongoing for a year, but no successful payload execution has been observed.

Vulnerabilities

The security defects could be used to bypass authentication, execute arbitrary commands, and decrypt configuration files.

Network Security

The ban aligns with a White House determination that all routers produced abroad are a threat to national security.

Vulnerabilities

An out-of-band security update for Junos OS Evolved patches the remote code execution vulnerability CVE-2026-21902.

Vulnerabilities

The issue impacts the UPnP function of multiple device models and could be exploited for remote code execution.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version