CVE-2022-26995

Опубликовано: 15 мар. 2022

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Средний

Описание

Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pptp (wan_pptp.html) function via the pptp_fix_ip, pptp_fix_mask, pptp_fix_gw, and wan_dns1_stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

Ссылки

https://github.com/wudipjq/my_vuln/blob/main/ARRIS/vuln_14/14.md
Exploit
Third Party Advisory
https://github.com/wudipjq/my_vuln/blob/main/ARRIS/vuln_14/14.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:commscope:arris_tr3300_firmware:1.0.13:*:*:*:*:*:*:*

cpe:2.3:h:commscope:arris_tr3300:-:*:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.1381

Средний

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-77

Связанные уязвимости

GHSA-vhxx-3297-x3w7