Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for nts-6002-gps_firmware by galsys

    CVE-2022-27224 (GCVE-0-2022-27224)

    Vulnerability from nvd – Published: 2022-05-09 14:29 – Updated: 2026-05-22 14:36 Disputed
    VLAI
    Summary
    An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. An authenticated attacker can perform command injection as root via shell metacharacters within the Network Tools section of the web-management interface. All three networking tools are affected (Ping, Traceroute, and DNS Lookup) and their respective input fields (ping_address, trace_address, nslookup_address). NOTE: this is disputed by the Supplier because the affected components were never shipped in a production release (they were only present in development releases), and because no privilege boundary is crossed (an applicable "authenticated attacker" always also has the supported ability to make an SSH connection as root).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:25:31.884Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.galsys.co.uk/support/software-download.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gist.github.com/somerandomdudeonetheinternet/2caeb201e249160fa82204ef640c8cdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.pentestpartners.com/security-blog/galleon-nts-6002-gps-command-injection-vulnerability-cve-2022-27224/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. An authenticated attacker can perform command injection as root via shell metacharacters within the Network Tools section of the web-management interface. All three networking tools are affected (Ping, Traceroute, and DNS Lookup) and their respective input fields (ping_address, trace_address, nslookup_address). NOTE: this is disputed by the Supplier because the affected components were never shipped in a production release (they were only present in development releases), and because no privilege boundary is crossed (an applicable \"authenticated attacker\" always also has the supported ability to make an SSH connection as root)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-22T14:36:34.480Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.galsys.co.uk/support/software-download.html"
            },
            {
              "url": "https://gist.github.com/somerandomdudeonetheinternet/2caeb201e249160fa82204ef640c8cdf"
            },
            {
              "url": "https://www.pentestpartners.com/security-blog/galleon-nts-6002-gps-command-injection-vulnerability-cve-2022-27224/"
            },
            {
              "url": "https://www.galsys.co.uk/manuals/NTS/NTS-6002-V12-web-config-manual.pdf"
            }
          ],
          "tags": [
            "disputed"
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2022-27224",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. An authenticated attacker can perform command injection as root via shell metacharacters within the Network Tools section of the web-management interface. All three networking tools are affected (Ping, Traceroute, and DNS Lookup) and their respective input fields (ping_address, trace_address, nslookup_address)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.galsys.co.uk/support/software-download.html",
                  "refsource": "MISC",
                  "url": "https://www.galsys.co.uk/support/software-download.html"
                },
                {
                  "name": "https://gist.github.com/somerandomdudeonetheinternet/2caeb201e249160fa82204ef640c8cdf",
                  "refsource": "MISC",
                  "url": "https://gist.github.com/somerandomdudeonetheinternet/2caeb201e249160fa82204ef640c8cdf"
                },
                {
                  "name": "https://www.pentestpartners.com/security-blog/galleon-nts-6002-gps-command-injection-vulnerability-cve-2022-27224/",
                  "refsource": "MISC",
                  "url": "https://www.pentestpartners.com/security-blog/galleon-nts-6002-gps-command-injection-vulnerability-cve-2022-27224/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-27224",
        "datePublished": "2022-05-09T14:29:56.000Z",
        "dateReserved": "2022-03-15T00:00:00.000Z",
        "dateUpdated": "2026-05-22T14:36:34.480Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-27224 (GCVE-0-2022-27224)

    Vulnerability from cvelistv5 – Published: 2022-05-09 14:29 – Updated: 2026-05-22 14:36 Disputed
    VLAI
    Summary
    An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. An authenticated attacker can perform command injection as root via shell metacharacters within the Network Tools section of the web-management interface. All three networking tools are affected (Ping, Traceroute, and DNS Lookup) and their respective input fields (ping_address, trace_address, nslookup_address). NOTE: this is disputed by the Supplier because the affected components were never shipped in a production release (they were only present in development releases), and because no privilege boundary is crossed (an applicable "authenticated attacker" always also has the supported ability to make an SSH connection as root).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T05:25:31.884Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.galsys.co.uk/support/software-download.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gist.github.com/somerandomdudeonetheinternet/2caeb201e249160fa82204ef640c8cdf"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.pentestpartners.com/security-blog/galleon-nts-6002-gps-command-injection-vulnerability-cve-2022-27224/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. An authenticated attacker can perform command injection as root via shell metacharacters within the Network Tools section of the web-management interface. All three networking tools are affected (Ping, Traceroute, and DNS Lookup) and their respective input fields (ping_address, trace_address, nslookup_address). NOTE: this is disputed by the Supplier because the affected components were never shipped in a production release (they were only present in development releases), and because no privilege boundary is crossed (an applicable \"authenticated attacker\" always also has the supported ability to make an SSH connection as root)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-22T14:36:34.480Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.galsys.co.uk/support/software-download.html"
            },
            {
              "url": "https://gist.github.com/somerandomdudeonetheinternet/2caeb201e249160fa82204ef640c8cdf"
            },
            {
              "url": "https://www.pentestpartners.com/security-blog/galleon-nts-6002-gps-command-injection-vulnerability-cve-2022-27224/"
            },
            {
              "url": "https://www.galsys.co.uk/manuals/NTS/NTS-6002-V12-web-config-manual.pdf"
            }
          ],
          "tags": [
            "disputed"
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2022-27224",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. An authenticated attacker can perform command injection as root via shell metacharacters within the Network Tools section of the web-management interface. All three networking tools are affected (Ping, Traceroute, and DNS Lookup) and their respective input fields (ping_address, trace_address, nslookup_address)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://www.galsys.co.uk/support/software-download.html",
                  "refsource": "MISC",
                  "url": "https://www.galsys.co.uk/support/software-download.html"
                },
                {
                  "name": "https://gist.github.com/somerandomdudeonetheinternet/2caeb201e249160fa82204ef640c8cdf",
                  "refsource": "MISC",
                  "url": "https://gist.github.com/somerandomdudeonetheinternet/2caeb201e249160fa82204ef640c8cdf"
                },
                {
                  "name": "https://www.pentestpartners.com/security-blog/galleon-nts-6002-gps-command-injection-vulnerability-cve-2022-27224/",
                  "refsource": "MISC",
                  "url": "https://www.pentestpartners.com/security-blog/galleon-nts-6002-gps-command-injection-vulnerability-cve-2022-27224/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-27224",
        "datePublished": "2022-05-09T14:29:56.000Z",
        "dateReserved": "2022-03-15T00:00:00.000Z",
        "dateUpdated": "2026-05-22T14:36:34.480Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }