CVE-2022-26995
Published: 15 March 2022
Summary
CVE-2022-26995 is a critical-severity Command Injection (CWE-77) vulnerability in CommScope Arris TR3300 firmware. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 5.9% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
Arris TR3300 firmware version 1.0.13 contains a command injection vulnerability in the pptp handling code exposed through wan_pptp.html. Unauthenticated attackers can supply crafted values to the pptp_fix_ip, pptp_fix_mask, pptp_fix_gw, and wan_dns1_stat parameters, causing the device to execute arbitrary operating-system commands.
Because the affected endpoint is reachable over the network without authentication or user interaction, an attacker who can reach the WAN or LAN interface can obtain full control of the device, including the ability to read or modify configuration, install persistent malware, or pivot into attached networks. The flaw maps to CWE-77 and carries a CVSS 3.1 base score of 9.8.
Public references consist of a detailed technical write-up and proof-of-concept hosted on GitHub; no vendor advisory or firmware patch is referenced in the available materials. The associated EPSS score has remained in a narrow band around 0.13 with only a modest peak, indicating limited observed exploitation interest to date.
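With no patch referenced, one thing a defender can do is flag requests to wan_pptp.html whose PPTP fields are not plain IPv4 values. The sketch below is an added example, not code from the referenced write-up or the vendor; it assumes the fields arrive form-encoded (query string or body) and that each legitimately holds a dotted-quad address, and the function names and sample requests are hypothetical.

```python
import ipaddress
from urllib.parse import parse_qsl, urlsplit

# Parameters named in the CVE description. Assumption: in legitimate use each
# one carries a dotted-quad IPv4 value (address, mask, gateway, DNS server).
PPTP_PARAMS = ("pptp_fix_ip", "pptp_fix_mask", "pptp_fix_gw", "wan_dns1_stat")


def is_plain_ipv4(value):
    """True only for a strict dotted-quad; shell metacharacters, spaces or
    trailing text make the parse fail."""
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False


def suspicious_pptp_fields(target, body=""):
    """Return {param: decoded value} for every non-empty PPTP field in a
    request to wan_pptp.html that is not a plain IPv4 address."""
    parts = urlsplit(target)
    if not parts.path.endswith("wan_pptp.html"):
        return {}
    fields = parse_qsl(parts.query, keep_blank_values=True)
    fields += parse_qsl(body, keep_blank_values=True)
    return {k: v for k, v in fields
            if k in PPTP_PARAMS and v and not is_plain_ipv4(v)}


# Constructed sample requests (request target, form body); not captured traffic.
SAMPLE_REQUESTS = [
    ("/wan_pptp.html",
     "pptp_fix_ip=192.0.2.10&pptp_fix_mask=255.255.255.0"
     "&pptp_fix_gw=192.0.2.1&wan_dns1_stat=198.51.100.53"),
    ("/wan_pptp.html",
     "pptp_fix_ip=192.0.2.10&pptp_fix_mask=255.255.255.0"
     "&pptp_fix_gw=192.0.2.1%3BPLACEHOLDER&wan_dns1_stat=198.51.100.53"),
    ("/status.html", "pptp_fix_ip=192.0.2.10%3BPLACEHOLDER"),
]

if __name__ == "__main__":
    for target, body in SAMPLE_REQUESTS:
        hits = suspicious_pptp_fields(target, body)
        print(target, "ALERT" if hits else "ok", hits)
```

The same allow-list check (accept only a strict IPv4 parse, reject everything else) is the shape of input validation the affected handler would need before its values reach a shell.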
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-31535
Vulnerability details
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pptp (wan_pptp.html) function via the pptp_fix_ip, pptp_fix_mask, pptp_fix_gw, and wan_dns1_stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.