CVE-2022-35273

Name of the Vulnerable Software and Affected Versions CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7

Description The issue is related to an OS command injection vulnerability in the GUI setting page, allowing a remote authenticated attacker to execute an arbitrary OS command. This vulnerability exists due to the lack of measures to neutralize special elements used in the OS command. Exploitation of this vulnerability may allow an attacker to execute arbitrary shell commands in the target system by sending specially crafted data.

Recommendations For CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7, update to a version Ver.3.3.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the GUI setting page to minimize the risk of exploitation.