← Back

Arrayos Ag

arrayos_ag

Vendor: Arraynetworks • 6 CVEs

CVEs (6)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-66644
1Arraynetworks
1Arrayos Ag
Dec 10, 2025
Dec 5, 2025
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025.
CVE-2023-51707
1Arraynetworks
1Arrayos Ag
Apr 23, 2025
Dec 22, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
MotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG allows remote command execution via crafted packets. AG and vxAG 9.3.0.259.x are unaffected.
CVE-2023-41121
1Arraynetworks
1Arrayos Ag
Nov 21, 2024
Aug 25, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
Array AG OS before 9.4.0.499 allows denial of service: remote attackers can cause system service processes to crash through abnormal HTTP operations.
CVE-2023-28461
1Arraynetworks
1Arrayos Ag
Nov 3, 2025
Mar 15, 2023
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication....Show more
Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09 vendor advisory stated "a new Array AG release with the fix will be available soon."Show less
CVE-2023-24613
1Arraynetworks
1Arrayos Ag
Mar 26, 2025
Feb 3, 2023
N/A· v4
4.9 MEDIUM· v3
N/A· v2
The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb tool to overwrite the backend function call stack after accessing the system with administrator privi...Show more
The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb tool to overwrite the backend function call stack after accessing the system with administrator privileges. A successful exploit could leverage this vulnerability in the backend binary file that handles the user interface to a cause denial of service attack. This is fixed in AG 9.4.0.481.Show less
CVE-2022-42897
1Arraynetworks
1Arrayos Ag
May 15, 2025
Oct 13, 2022
N/A· v4
9.8 CRITICAL· v3
N/A· v2
Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected.