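This page aggregates CVE and security vulnerability intelligence for all arraynetworks products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical vulnerabilities mainly involve memory corruption, denial of service, and command injection. Some of them may cause application crashes and affect production workloads and software deployment scenarios.
The vulnerability data comes mainly from public vulnerability disclosures and security advisories, and can be used to assess historical vulnerability exposure and patching priority.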
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-66644 KEV | Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025. | [email protected] | 7.2 | 3.05% | 2025-12-05 | 2026-06-17 |
| CVE-2014-125121 | Array Networks vAPV (version 8.3.2.17) and vxAG (version 9.2.0.34) appliances are affected by a privilege escalation vulnerability caused by a combination of hardcoded SSH credentials (or SSH private key) and insecure permissions on a startup script. The devices ship with a default SSH login or a hardcoded DSA private key, allowing an attacker to authenticate remotely with limited privileges. Once authenticated, an attacker can overwrite the world-writable /ca/bin/monitor.sh script with arbitr | [email protected] | 10.0 | 0.82% | 2025-07-31 | 2026-06-16 |
| CVE-2023-51707 | MotionPro in Array ArrayOS AG before 9.4.0.505 on AG and vxAG allows remote command execution via crafted packets. AG and vxAG 9.3.0.259.x are unaffected. | [email protected] | 9.8 | 1.27% | 2023-12-21 | 2026-06-17 |
| CVE-2023-41121 | Array AG OS before 9.4.0.499 allows denial of service: remote attackers can cause system service processes to crash through abnormal HTTP operations. | [email protected] | 7.5 | 0.63% | 2023-08-25 | 2026-06-17 |
| CVE-2023-28461 KEV | Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. An attacker can browse the filesystem on the SSL VPN gateway using a flags attribute in an HTTP header without authentication. The product could then be exploited through a vulnerable URL. The 2023-03-09 vendor advisory stated "a new Array AG release with the fix will be available soon." | [email protected] | 9.8 | 67.64% | 2023-03-15 | 2026-06-17 |
| CVE-2023-28460 | A command injection vulnerability was discovered in Array Networks APV products. A remote attacker can send a crafted packet after logging into the affected appliance as an administrator, resulting in arbitrary shell code execution. This is fixed in 8.6.1.262 or newer and 10.4.2.93 or newer. | [email protected] | 7.2 | 1.62% | 2023-03-15 | 2026-06-17 |
| CVE-2023-24613 | The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb tool to overwrite the backend function call stack after accessing the system with administrator privileges. A successful exploit could leverage this vulnerability in the backend binary file that handles the user interface to cause a denial of service attack. This is fixed in AG 9.4.0.481. | [email protected] | 4.9 | 0.79% | 2023-02-02 | 2026-06-17 |
| CVE-2022-42897 | Array Networks AG/vxAG with ArrayOS AG before 9.4.0.469 allows unauthenticated command injection that leads to privilege escalation and control of the system. NOTE: ArrayOS AG 10.x is unaffected. | [email protected] | 9.8 | 1.50% | 2022-10-12 | 2026-06-17 |