Arraynetworks

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-66644 1Arraynetworks 1Arrayos Ag Dec 10, 2025 Dec 5, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025.
CVE-2023-51707 1Arraynetworks 1Arrayos Ag Apr 23, 2025 Dec 22, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 MotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG allows remote command execution via crafted packets. AG and vxAG 9.3.0.259.x are unaffected.
CVE-2023-41121 1Arraynetworks 1Arrayos Ag Nov 21, 2024 Aug 25, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Array AG OS before 9.4.0.499 allows denial of service: remote attackers can cause system service processes to crash through abnormal HTTP operations.
CVE-2023-28461 1Arraynetworks 1Arrayos Ag Nov 3, 2025 Mar 15, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication....Show more Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09 vendor advisory stated "a new Array AG release with the fix will be available soon."Show less
CVE-2023-28460 1Arraynetworks 1Array Os Nov 21, 2024 Mar 15, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 A command injection vulnerability was discovered in Array Networks APV products. A remote attacker can send a crafted packet after logging into the affected appliance as an administrator, resulting in arbitrary shell cod...Show more A command injection vulnerability was discovered in Array Networks APV products. A remote attacker can send a crafted packet after logging into the affected appliance as an administrator, resulting in arbitrary shell code execution. This is fixed in 8.6.1.262 or newer and 10.4.2.93 or newer.Show less
CVE-2023-24613 1Arraynetworks 1Arrayos Ag Mar 26, 2025 Feb 3, 2023 N/A· v4 4.9 MEDIUM· v3 N/A· v2 The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb tool to overwrite the backend function call stack after accessing the system with administrator privi...Show more The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb tool to overwrite the backend function call stack after accessing the system with administrator privileges. A successful exploit could leverage this vulnerability in the backend binary file that handles the user interface to a cause denial of service attack. This is fixed in AG 9.4.0.481.Show less
CVE-2022-42897 1Arraynetworks 1Arrayos Ag May 15, 2025 Oct 13, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected.