VYPR
Vendor

Array Networks

Products
6
CVEs
8
Across products
11
Status
Private

Products

6

Recent CVEs

8
  • CVE-2023-28461CriKEVMar 15, 2023
    risk 0.87cvss 9.8epss 0.68

    Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable…

  • CVE-2014-125121CriJul 31, 2025
    risk 0.73cvss epss 0.01

    Array Networks vAPV (version 8.3.2.17) and vxAG (version 9.2.0.34) appliances are affected by a privilege escalation vulnerability caused by a combination of hardcoded SSH credentials (or SSH private key) and insecure permissions on a startup script. The devices ship with a…

  • CVE-2023-51707CriDec 22, 2023
    risk 0.64cvss 9.8epss 0.01

    MotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG allows remote command execution via crafted packets. AG and vxAG 9.3.0.259.x are unaffected.

  • CVE-2022-42897CriOct 13, 2022
    risk 0.64cvss 9.8epss 0.01

    Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected.

  • CVE-2023-41121HigAug 25, 2023
    risk 0.49cvss 7.5epss 0.01

    Array AG OS before 9.4.0.499 allows denial of service: remote attackers can cause system service processes to crash through abnormal HTTP operations.

  • CVE-2023-28460HigMar 15, 2023
    risk 0.47cvss 7.2epss 0.02

    A command injection vulnerability was discovered in Array Networks APV products. A remote attacker can send a crafted packet after logging into the affected appliance as an administrator, resulting in arbitrary shell code execution. This is fixed in 8.6.1.262 or newer and…

  • CVE-2023-24613MedFeb 3, 2023
    risk 0.32cvss 4.9epss 0.01

    The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb tool to overwrite the backend function call stack after accessing the system with administrator privileges. A successful exploit could leverage this…

  • CVE-2025-66644KEVDec 5, 2025
    risk 0.12cvss epss 0.03

    Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025.