CVE-2022-27224
Description
An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. An authenticated attacker can perform command injection as root via shell metacharacters within the Network Tools section of the web-management interface. All three networking tools are affected (Ping, Traceroute, and DNS Lookup) and their respective input fields (ping_address, trace_address, nslookup_address). NOTE: this is disputed by the Supplier because the affected components were never shipped in a production release (they were only present in development releases), and because no privilege boundary is crossed (an applicable "authenticated attacker" always also has the supported ability to make an SSH connection as root).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Galleon/NTS-6002-GPSdescription
Patches
Vulnerability mechanics
References
4- www.pentestpartners.com/security-blog/galleon-nts-6002-gps-command-injection-vulnerability-cve-2022-27224/nvdExploitThird Party Advisory
- gist.github.com/somerandomdudeonetheinternet/2caeb201e249160fa82204ef640c8cdfnvdThird Party Advisory
- www.galsys.co.uk/support/software-download.htmlnvdProductVendor Advisory
- www.galsys.co.uk/manuals/NTS/NTS-6002-V12-web-config-manual.pdfnvd
News mentions
0No linked articles in our index yet.