cvedb.io
CVE-2022-27224
HIGH · CVSS 7.2
EPSS exploitation probability: 0%
Published 2022-05-09T15:15:07.940 · Last modified 2026-06-17T04:36:31.690

Summary

An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. An authenticated attacker can perform command injection as root via shell metacharacters within the Network Tools section of the web-management interface. All three networking tools are affected (Ping, Traceroute, and DNS Lookup) and their respective input fields (ping_address, trace_address, nslookup_address). NOTE: this is disputed by the Supplier because the affected components were never shipped in a production release (they were only present in development releases), and because no privilege boundary is crossed (an applicable "authenticated attacker" always also has the supported ability to make an SSH connection as root).

Affected products

galsys — nts-6002-gps_firmware

Does this affect you?

Add your gear to cvedb and we'll alert you only when galsys ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.