Vendor
Xirrus
Products
5
CVEs
3
Across products
6
Status
Private
Products
5- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
3| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-6557 | Hig | 0.57 | 8.8 | 0.01 | May 5, 2017 | SQL injection vulnerability in ArrayOS before AG 9.4.0.135, when the portal bookmark function is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||
| CVE-2020-9022 | Med | 0.40 | 6.1 | 0.01 | Feb 17, 2020 | An issue was discovered on Xirrus XR520, XR620, XR2436, and XH2-120 devices. The cgi-bin/ViewPage.cgi user parameter allows XSS. | ||
| CVE-2025-66644 | 0.12 | — | 0.03 | KEV | Dec 5, 2025 | Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025. |
- risk 0.57cvss 8.8epss 0.01
SQL injection vulnerability in ArrayOS before AG 9.4.0.135, when the portal bookmark function is enabled, allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
- risk 0.40cvss 6.1epss 0.01
An issue was discovered on Xirrus XR520, XR620, XR2436, and XH2-120 devices. The cgi-bin/ViewPage.cgi user parameter allows XSS.
- risk 0.12cvss —epss 0.03
Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025.