PT-2022-4624 · Centrecom · Centrecom Ar260S V2

Published: 2022-08-29 · Updated: 2022-09-13 · CVE-2022-38394

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7

Description

The issue is related to the use of hard-coded credentials for the telnet server, allowing a remote unauthenticated attacker to execute an arbitrary OS command. This could potentially give an attacker access to sensitive information.

Recommendations

For CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7, update to version Ver.3.3.7 or later to resolve the issue. As a temporary workaround, consider disabling the telnet server until a patch is available. Restrict access to the telnet server to minimize the risk of exploitation.

Fix

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

BDU:2022-05505
CVE-2022-38394

Affected Products

Centrecom Ar260S V2