Victor Van Der Helm

**Name of the Vulnerable Software and Affected Versions** Galleon NTS-6002-GPS version 4.14.103-Galleon-NTS-6002.V12 4 **Description** An issue was discovered in the Network Tools section of the web-management interface, allowing an authenticated attacker to perform command injection as root via shell metacharacters. The affected tools include Ping, Traceroute, and DNS Lookup, with their respective input fields `ping address`, `trace address`, and `nslookup address` being vulnerable. **Recommendations** For version 4.14.103-Galleon-NTS-6002.V12 4, consider disabling the Network Tools section of the web-management interface until a patch is available. Restrict access to the input fields `ping address`, `trace address`, and `nslookup address` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.