CVE-2022-38094

Name of the Vulnerable Software and Affected Versions CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7

Description The issue is related to an OS command injection vulnerability in the telnet function, allowing a remote authenticated attacker to execute arbitrary OS commands. This is due to the lack of measures to neutralize special elements used in the OS command. The exploitation of this issue can enable a remote attacker to execute shell commands on the target system by sending specially crafted data.

Recommendations For CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7, update to a version Ver.3.3.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the telnet function until a patch is available.