CVE-2025-4010

HIGH

Netcom NTC 6200-NWL 222 - Command Injection

Description

The Netcom NTC 6200 and NWL 222 series expose a web interface that operators use to configure and set up the devices. Multiple endpoints of the web interface are vulnerable to arbitrary command injection and use insecure hardcoded passwords. Remote authenticated attackers can gain arbitrary code execution with elevated privileges.

Scores

CVSS v4 8.6
EPSS 0.0065
EPSS Percentile 46.1%
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-77
Status published
Products (2)
Netcomm/NTC 6200
Netcomm/NWL-222 < 2.1.21.1
Published Jun 02, 2025
Tracked Since Feb 18, 2026