CVE-2022-38156

Name of the Vulnerable Software and Affected Versions Kratos SpectralNet device with SpectralNet Narrowband (NB) versions prior to 1.7.5

Description A remote command injection issue exists in the web server of the Kratos SpectralNet device. This issue allows an attacker, with admin user privileges, to send a crafted password and execute Linux commands as the root user.

Recommendations For versions prior to 1.7.5, update to version 1.7.5 or later to resolve the issue. As a temporary workaround, consider restricting admin user access to minimize the risk of exploitation.