CVE-2022-27002

Name of the Vulnerable Software and Affected Versions Arris TR3300 version 1.0.13

Description A command injection issue was found in the ddns function, allowing attackers to execute arbitrary commands via a crafted request. The vulnerability is exploited through the ddns name, ddns pwd, h ddns, and ddns host parameters.

Recommendations For Arris TR3300 version 1.0.13, as a temporary workaround, consider restricting access to the ddns function until a patch is available. Avoid using the ddns name, ddns pwd, h ddns, and ddns host parameters in the affected function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.