Cyber Resilience

CVE-2022-27002

Severity: Critical · Public PoC · RCE

Published: 15 March 2022
Modified: 21 November 2024
KEV Added: not listed
Patch: none referenced
CVSS v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS: 0.0233 (85.2nd percentile)
Risk Priority: 21 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2022-27002 is a critical-severity command injection (CWE-77) vulnerability in CommScope Arris TR3300 firmware, version 1.0.13. Its CVSS v3.1 base score is 9.8 (Critical).

Operationally, it ranks in the top 14.8% of CVEs by EPSS exploit likelihood; it is not currently listed in the CISA KEV catalog; and a public proof-of-concept is referenced.

Deeper analysis

Arris TR3300 firmware version 1.0.13 contains a command injection vulnerability in the ddns (dynamic DNS) function. The flaw is reachable through the ddns_name, ddns_pwd, h_ddns, and ddns_host parameters and is tracked as CVE-2022-27002 (CWE-77, CVSS 3.1 base score 9.8).

An unauthenticated attacker (CVSS PR:N) can submit a crafted request over the network (AV:N) that causes the device to execute arbitrary operating-system commands, resulting in full compromise of confidentiality, integrity, and availability (C:H/I:H/A:H).
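The bug class behind this CVE is a request parameter spliced into a shell command line. The following is an added illustrative example, not code from the Arris TR3300 firmware or from the GitHub disclosures: it reconstructs a hypothetical DDNS settings handler that builds a command string from ddns_host, ddns_name and ddns_pwd and hands it to the shell, and sets a hardened variant beside it that allow-lists the hostname and keeps every value as a separate argv entry so no shell is involved. The helper binary name ddns_update, the function names, and the request values are assumptions; the h_ddns flag is not modelled.

```c
// Added example: illustrative reconstruction of the CWE-77 pattern in a
// DDNS settings handler. NOT the Arris TR3300 firmware. The helper name
// "ddns_update", the function names and all sample inputs are assumptions.
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define CMD_MAX 512

/* Vulnerable pattern: the raw request parameters are formatted into one
 * string that would be passed to system(). A host such as
 * "home.example.net;echo injected" terminates the intended command and the
 * shell runs whatever follows. This version only returns the command line
 * it would have executed, so the bug can be inspected safely. */
int ddns_build_cmd_vulnerable(char *out, size_t outlen,
                              const char *ddns_host, const char *ddns_name,
                              const char *ddns_pwd) {
    int n = snprintf(out, outlen, "ddns_update -h %s -u %s -p %s",
                     ddns_host, ddns_name, ddns_pwd);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Would a POSIX shell interpret any part of this command line as something
 * other than plain argument text? Used to show which inputs break the
 * vulnerable builder. */
bool cmd_has_shell_meta(const char *cmd) {
    return strpbrk(cmd, ";|&`$()<>\n\"'\\") != NULL;
}

/* Hardened input check: a DNS hostname may only contain letters, digits,
 * '-' and '.', with no leading/trailing '-' or '.' and no empty labels
 * (RFC 1123 LDH rule). Everything else is refused outright. */
bool is_valid_hostname(const char *h) {
    size_t len = strlen(h);
    if (len == 0 || len > 253) return false;
    if (h[0] == '-' || h[len - 1] == '-' || h[0] == '.' || h[len - 1] == '.')
        return false;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)h[i];
        if (!(isalnum(c) || c == '-' || c == '.')) return false;
        if (c == '.' && h[i + 1] == '.') return false;   /* empty label */
    }
    return true;
}

/* Hardened builder: no shell at all. Each value becomes its own argv entry
 * for execve()/posix_spawn(), so a password containing ';' or '$' is passed
 * byte-for-byte to the helper instead of being parsed. Returns the number
 * of argv entries before the terminating NULL, or -1 on rejected input. */
int ddns_build_argv_hardened(const char *argv_out[], size_t argc_max,
                             const char *ddns_host, const char *ddns_name,
                             const char *ddns_pwd) {
    if (argc_max < 8) return -1;
    if (!is_valid_hostname(ddns_host)) return -1;
    if (strlen(ddns_name) == 0 || strlen(ddns_name) > 64) return -1;
    if (strlen(ddns_pwd) == 0 || strlen(ddns_pwd) > 64) return -1;
    argv_out[0] = "ddns_update";
    argv_out[1] = "-h"; argv_out[2] = ddns_host;
    argv_out[3] = "-u"; argv_out[4] = ddns_name;
    argv_out[5] = "-p"; argv_out[6] = ddns_pwd;
    argv_out[7] = NULL;
    return 7;
}

int main(void) {
    char cmd[CMD_MAX];
    const char *argv[8];
    /* Constructed sample inputs, not taken from the disclosure. */
    const char *benign = "home.example.net";
    const char *malicious = "home.example.net;echo injected";

    ddns_build_cmd_vulnerable(cmd, sizeof cmd, malicious, "user", "secret");
    printf("vulnerable builder would run: %s\n", cmd);
    printf("shell metacharacters present:  %s\n",
           cmd_has_shell_meta(cmd) ? "yes" : "no");
    printf("hardened, benign host:    %d\n",
           ddns_build_argv_hardened(argv, 8, benign, "user", "secret"));
    printf("hardened, malicious host: %d\n",
           ddns_build_argv_hardened(argv, 8, malicious, "user", "secret"));
    return 0;
}
```

The point of the hardened variant is that validation and argv separation do different jobs: the hostname allow-list rejects values that can never be a legitimate DDNS host, while the argv form protects fields such as the password that may legitimately contain shell metacharacters. A check that only escaped or stripped a few characters before calling system() would still be one missed character away from the original bug.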

The two provided references are identical GitHub disclosures that detail the injection vectors but contain no vendor advisory, patch information, or mitigation guidance. The EPSS score for this CVE rose from a low baseline to a peak of 0.0537 on 2025-01-22 before falling back to its current value of 0.0233, indicating a measurable increase in exploitation interest well after the original 2022 disclosure. EPSS is a predicted probability of exploitation, not evidence that exploitation occurred; the absence of a KEV entry means CISA has not catalogued confirmed in-the-wild exploitation, not that none has happened.

Vulnerability details

Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the ddns function via the ddns_name, ddns_pwd, h_ddns, and ddns_host parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

CWE(s)

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

Related Threats

No named actor attribution. No ATT&CK technique mapping is available for this CVE yet.

Affected Assets

CommScope Arris TR3300 firmware, version 1.0.13

Mitigating Controls

No mitigating controls are mapped for this CVE, and the referenced disclosures include no vendor patch or mitigation guidance. Because the vector is unauthenticated and network-reachable (AV:N, PR:N), the only control available from the page's own facts is exposure reduction: keep the device's management interface, and with it the DDNS configuration, unreachable from untrusted networks.

References