CVE-2022-26999

Name of the Vulnerable Software and Affected Versions Arris TR3300 version 1.0.13

Description The issue is related to a command injection vulnerability in the static IP settings function. This vulnerability allows attackers to execute arbitrary commands via a crafted request, specifically through the wan ip stat, wan mask stat, wan gw stat, and wan dns1 stat parameters.

Recommendations For Arris TR3300 version 1.0.13, as a temporary workaround, consider restricting access to the static IP settings function until a patch is available. Avoid using the wan ip stat, wan mask stat, wan gw stat, and wan dns1 stat parameters in crafted requests to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.