CVE-2025-66644
- EPSS 3.51%
- Veröffentlicht 05.12.2025 00:00:00
- Zuletzt bearbeitet 10.12.2025 02:00:02
Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025.
CVE-2023-51707
- EPSS 2.63%
- Veröffentlicht 22.12.2023 02:15:43
- Zuletzt bearbeitet 23.04.2025 17:16:48
MotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG allows remote command execution via crafted packets. AG and vxAG 9.3.0.259.x are unaffected.
CVE-2023-41121
- EPSS 0.68%
- Veröffentlicht 25.08.2023 22:15:11
- Zuletzt bearbeitet 21.11.2024 08:20:38
Array AG OS before 9.4.0.499 allows denial of service: remote attackers can cause system service processes to crash through abnormal HTTP operations.
CVE-2023-28461
- EPSS 87.18%
- Veröffentlicht 15.03.2023 23:15:10
- Zuletzt bearbeitet 03.11.2025 18:14:11
Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be expl...
CVE-2023-24613
- EPSS 0.41%
- Veröffentlicht 03.02.2023 02:15:07
- Zuletzt bearbeitet 26.03.2025 15:15:47
The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb tool to overwrite the backend function call stack after accessing the system with administrator privileges. A successful exploit co...
CVE-2022-42897
- EPSS 2.9%
- Veröffentlicht 13.10.2022 00:15:09
- Zuletzt bearbeitet 15.05.2025 18:15:32
Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected.