Arris VIP1113 devices through 2025-05-30 with KreaTV SDK allow file overwrite via TFTP because a remote filename with a space character allows an attacker to control the local filename.
The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources.