CVE-2022-26997

Name of the Vulnerable Software and Affected Versions Arris TR3300 version 1.0.13

Description The issue is related to a command injection vulnerability in the upnp function via the upnp ttl parameter. This allows attackers to execute arbitrary commands via a crafted request.

Recommendations For Arris TR3300 version 1.0.13, consider restricting access to the upnp function to minimize the risk of exploitation. As a temporary workaround, avoid using the upnp ttl parameter in the affected upnp function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.