PT-2022-18311 · Galleon · Galleon Nts-6002-Gps

Victor Van Der Helm · Published 2022-05-09 · Updated 2022-10-12 · CVE-2022-27224

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Galleon NTS-6002-GPS version 4.14.103-Galleon-NTS-6002.V12 4

Description: An issue was discovered in the Network Tools section of the web-management interface, allowing an authenticated attacker to perform command injection as root via shell metacharacters. The affected tools include Ping, Traceroute, and DNS Lookup, with their respective input fields ping address, trace address, and nslookup address being vulnerable.

Recommendations: For version 4.14.103-Galleon-NTS-6002.V12 4, consider disabling the Network Tools section of the web-management interface until a patch is available. Restrict access to the input fields ping address, trace address, and nslookup address to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.
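For developers of similar diagnostic pages, the following added example (not vendor code and not part of the original advisory) shows the usual server-side fix for this weakness class: allowlist the target value, then pass it to the tool as a separate argv element with no shell. The `TOOLS` mapping, the function names and the command options are assumptions made for illustration.

```python
import ipaddress
import re
import subprocess

# Hypothetical mapping from the three form fields named in the advisory
# to fixed argv prefixes. The user never controls the program or its options.
TOOLS = {
    "ping address": ["ping", "-c", "4"],
    "trace address": ["traceroute"],
    "nslookup address": ["nslookup"],
}

_ALLOWED = re.compile(r"[A-Za-z0-9.:-]+")  # no spaces, quotes or shell metacharacters
_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


def validate_target(value):
    """Return value if it is an IP literal or RFC 1123 hostname, else raise ValueError."""
    if not isinstance(value, str) or len(value) > 253 or not _ALLOWED.fullmatch(value):
        raise ValueError("target contains characters outside the allowlist")
    try:
        return str(ipaddress.ip_address(value))
    except ValueError:
        pass  # not an IP literal, fall through to the hostname check
    # Labels may not start with '-', so the value cannot be read as an option.
    if all(_LABEL.fullmatch(label) for label in value.split(".")):
        return value
    raise ValueError("target is neither an IP address nor a hostname")


def build_argv(field, value):
    """Build the argument vector for one of the three Network Tools fields."""
    return TOOLS[field] + [validate_target(value)]


def run_tool(field, value):
    """Run the tool without a shell, so metacharacters are never interpreted."""
    return subprocess.run(build_argv(field, value), shell=False,
                          capture_output=True, text=True, timeout=30)


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ["192.0.2.10", "time.example.com", "192.0.2.10; id", "-f"]:
        try:
            print(build_argv("ping address", sample))
        except ValueError as exc:
            print("rejected:", repr(sample), exc)
```

Validation and shell-free execution are independent layers: either alone blocks metacharacter injection, and the leading-hyphen check additionally stops option injection into the tool itself.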

Exploit

Fix

Weakness Enumeration: OS Command Injection

Related Identifiers: CVE-2022-27224

Affected Products: Galleon Nts-6002-Gps