CVE Vulnerability

CVE-2022-27224

An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. An authenticated attacker can perform command injection as root via shell metacharacters within the Network Tools section of the web-management interface. All three networking tools are affected (Ping, Traceroute, and DNS Lookup) and their respective input fields (ping_address, trace_address, nslookup_address).

9 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

7.2 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.galsys.co.uk/support/software-download.html Product Vendor Advisory
https://gist.github.com/somerandomdudeonetheinternet/2caeb201e249160fa82204ef640c8cdf Third Party Advisory
https://www.pentestpartners.com/security-blog/galleon-nts-6002-gps-command-injection-vulnerability-cve-2022-27224/ Exploit Third Party Advisory
Configurations

Configuration 1
Information

Published : 2022-05-09 03:15

Updated : 2022-10-12 02:44

NVD link : CVE-2022-27224

Mitre link : CVE-2022-27224

Products Affected
No products.
CWE
CWE-78