Commscope Arris Tr3300 Firmware vulnerabilities
8 known vulnerabilities affecting commscope/arris_tr3300_firmware.
Total CVEs
8
CISA KEV
0
Public exploits
0
Exploited in wild
1
Severity breakdown
CRITICAL8
Vulnerabilities
Page 1 of 1
CVE-2022-27002P1CRITICALCVSS 9.8Exploitedv1.0.132022-03-15
CVE-2022-27002 [CRITICAL] CWE-77 CVE-2022-27002: Arris TR3300 v1.0.13 were discovered to contain a command injection vulnerability in the ddns functi
Arris TR3300 v1.0.13 were discovered to contain a command injection vulnerability in the ddns function via the ddns_name, ddns_pwd, h_ddns、ddns_host parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
nvd
CVE-2022-26999P2CRITICALCVSS 9.8v1.0.132022-03-15
CVE-2022-26999 [CRITICAL] CWE-77 CVE-2022-26999: Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the static ip se
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the static ip settings function via the wan_ip_stat, wan_mask_stat, wan_gw_stat, and wan_dns1_stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
nvd
CVE-2022-26998P2CRITICALCVSS 9.8v1.0.132022-03-15
CVE-2022-26998 [CRITICAL] CWE-77 CVE-2022-26998: Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the wps setting
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the wps setting function via the wps_enrolee_pin parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
nvd
CVE-2022-26997P2CRITICALCVSS 9.8v1.0.132022-03-15
CVE-2022-26997 [CRITICAL] CWE-77 CVE-2022-26997: Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the upnp functio
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the upnp function via the upnp_ttl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
nvd
CVE-2022-27001P2CRITICALCVSS 9.8v1.0.132022-03-15
CVE-2022-27001 [CRITICAL] CWE-77 CVE-2022-27001: Arris TR3300 v1.0.13 were discovered to contain a command injection vulnerability in the dhcp functi
Arris TR3300 v1.0.13 were discovered to contain a command injection vulnerability in the dhcp function via the hostname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
nvd
CVE-2022-27000P2CRITICALCVSS 9.8v1.0.132022-03-15
CVE-2022-27000 [CRITICAL] CWE-77 CVE-2022-27000: Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the time and tim
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the time and time zone function via the h_primary_ntp_server, h_backup_ntp_server, and h_time_zone parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
nvd
CVE-2022-26996P2CRITICALCVSS 9.8v1.0.132022-03-15
CVE-2022-26996 [CRITICAL] CWE-77 CVE-2022-26996: Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pppoe functi
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pppoe function via the pppoe_username, pppoe_passwd, and pppoe_servicename parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
nvd
CVE-2022-26995P2CRITICALCVSS 9.8v1.0.132022-03-15
CVE-2022-26995 [CRITICAL] CWE-77 CVE-2022-26995: Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pptp (wan_pp
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pptp (wan_pptp.html) function via the pptp_fix_ip, pptp_fix_mask, pptp_fix_gw, and wan_dns1_stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
nvd