Cyber Resilience

CVE-2022-26999

Critical · Public PoC · RCE

Published: 15 March 2022
Modified: 21 November 2024
KEV Added: not listed
Patch: none referenced
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.1262 (94.1st percentile)
Risk Priority: 27 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-26999 is a critical-severity Command Injection (CWE-77) vulnerability in CommScope Arris TR3300 firmware. Its CVSS base score is 9.8 (Critical).

Operationally, it is ranked in the top 5.9% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

Deeper analysis

Arris TR3300 firmware version 1.0.13 contains a command-injection flaw in its static IP address configuration handler. The vulnerability exists in the wan_ip_stat, wan_mask_stat, wan_gw_stat, and wan_dns1_stat parameters, whose values reach an operating-system command without neutralization. It is tracked as CVE-2022-26999 with a CVSS 3.1 score of 9.8.

An unauthenticated attacker can submit a crafted HTTP request to the device’s WAN configuration endpoint and execute arbitrary operating-system commands with the privileges of the web server process, resulting in full device compromise. No user interaction or authentication is required, and the attack can be performed over the network.

Public disclosure consists of a technical write-up and proof-of-concept hosted on GitHub that demonstrates the injection vectors; no vendor advisory or firmware patch information is referenced in the available sources. The EPSS score has remained in the 0.12–0.14 range without a pronounced post-disclosure increase.

Vulnerability details

Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the static IP settings function via the wan_ip_stat, wan_mask_stat, wan_gw_stat, and wan_dns1_stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

CWE(s)

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: commscope
Product: arris tr3300 firmware
Version: 1.0.13

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
