CVE-2024-23618 CRITICAL

CVE-2024-23618: Arris SURFboard SBG6950AC2 Arbitrary Code Execution Vulnerability

Vendor Arris
Product SURFboard SBG6950AC2
Weakness CWE-306 · Missing auth
Published January 25, 2024
Last update June 17, 2025

CVSS base score

9.6/10
Attack vector Adjacent
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

An arbitrary code execution vulnerability exists in Arris SURFboard SGB6950AC2 devices. An unauthenticated attacker can exploit this vulnerability to achieve code execution as root.

Key dates

02Disclosure timeline

January 25, 2024 CVE published
June 17, 2025 Record updated