CVE-2022-26996

Name of the Vulnerable Software and Affected Versions Arris TR3300 version 1.0.13

Description The issue is related to a command injection vulnerability in the pppoe function. This vulnerability allows attackers to execute arbitrary commands via a crafted request, specifically through the pppoe username, pppoe passwd, and pppoe servicename parameters.

Recommendations For Arris TR3300 version 1.0.13, consider disabling the pppoe function until a patch is available to prevent exploitation. Restrict access to the pppoe parameters pppoe username, pppoe passwd, and pppoe servicename to minimize the risk of command injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.