PT-2022-4623 · Centrecom · Centrecom Ar260S V2

Chuya Hayakawa · Published 2022-08-29 · Updated 2022-09-13 · CVE-2022-34869

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7

Description

The issue is an undocumented hidden command that can be executed from the telnet function, allowing a remote authenticated attacker to execute an arbitrary OS command. This can potentially allow an attacker to elevate their privileges.

Recommendations

For CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7, update to Ver.3.3.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the telnet function until a patch is available.

Fix

Hidden Functionality


Weakness Enumeration

Related Identifiers

BDU:2022-05504
CVE-2022-34869

Affected Products

Centrecom Ar260S V2