CVE-2022-38394
CRITICALCentreCOM AR260S V2 <Ver.3.3.7 - Command Injection
Title source: llmDescription
Use of hard-coded credentials for the telnet server of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote unauthenticated attacker to execute an arbitrary OS command.
References (2)
Core 2
Core References
Mitigation, Vendor Advisory x_refsource_misc
https://www.allied-telesis.co.jp/support/list/faq/vuls/20220829.html
Mitigation, Third Party Advisory x_refsource_misc
https://jvn.jp/en/jp/JVN45473612/index.html
Scores
CVSS v3
9.8
EPSS
0.0091
EPSS Percentile
55.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-798
Status
published
Products (1)
allied-telesis/centrecom_ar260s_firmware
< 3.3.7
Published
Sep 08, 2022
Tracked Since
Feb 18, 2026