Improper Protection of Alternate Path
CVE-2025-49163
Summary
Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow booting an arbitrary image via a crafted /usr/bin/gunzip file.
- LOW
- LOCAL
- HIGH
- UNCHANGED
- NONE
- HIGH
- HIGH
- HIGH
CWE-424 - Improper Protection of Alternate Path
The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources.
References
Advisory Timeline
- Published
