CVE-2022-26998

Name of the Vulnerable Software and Affected Versions Arris TR3300 version 1.0.13

Description The issue is related to a command injection vulnerability in the wps setting function. This vulnerability is exploited via the wps enrolee pin parameter, allowing attackers to execute arbitrary commands by sending a crafted request.

Recommendations For Arris TR3300 version 1.0.13, as a temporary workaround, consider restricting access to the wps setting function until a patch is available. Avoid using the wps enrolee pin parameter in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.