VYPR
High severity7.2NVD Advisory· Published May 9, 2022· Updated Jun 17, 2026

CVE-2022-27224

CVE-2022-27224

Description

An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. An authenticated attacker can perform command injection as root via shell metacharacters within the Network Tools section of the web-management interface. All three networking tools are affected (Ping, Traceroute, and DNS Lookup) and their respective input fields (ping_address, trace_address, nslookup_address). NOTE: this is disputed by the Supplier because the affected components were never shipped in a production release (they were only present in development releases), and because no privilege boundary is crossed (an applicable "authenticated attacker" always also has the supported ability to make an SSH connection as root).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Galleon/NTS-6002-GPSdescription
  • Galeon/Galeonllm-fuzzy
    Range: 4.14.103-Galleon-NTS-6002.V12

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.