First published: Tue Mar 15 2022(Updated: )
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the upnp function via the upnp_ttl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Commscope Arris Tr3300 Firmware | =1.0.13 | |
Commscope Arris Tr3300 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this command injection vulnerability is CVE-2022-26997.
The affected software for this vulnerability is Commscope Arris Tr3300 firmware version 1.0.13.
The severity of CVE-2022-26997 is critical with a severity value of 9.8.
An attacker can exploit CVE-2022-26997 by sending a crafted request with a malicious upnp_ttl parameter, allowing them to execute arbitrary commands.
At the moment, there is no information available about a fix for CVE-2022-26997. It is recommended to follow the reference link for any updates or security patches.