Arris TR3300 v1.0.13 were discovered to contain a command injection vulnerability in the ddns function via the ddns_name, ddns_pwd, h_ddns?ddns_host parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
References
Link | Resource |
---|---|
https://github.com/wudipjq/my_vuln/blob/main/ARRIS/vuln_10/10.md | Broken Link Exploit Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2022-03-15 15:15
Updated : 2023-02-22 09:40
NVD link : CVE-2022-27002
Mitre link : CVE-2022-27002
JSON object : View
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Products Affected
commscope
- arris_tr3300_firmware
- arris_tr3300