PatchSiren cyber security CVE debrief
CVE-2022-27224 Galsys CVE debrief
CVE-2022-27224 is an authenticated command-injection flaw in the web-management interface of Galleon NTS-6002-GPS firmware 4.14.103-Galleon-NTS-6002.V12 4. An attacker with valid credentials can abuse shell metacharacters in the Network Tools section to execute commands as root. The affected tools are Ping, Traceroute, and DNS Lookup.
- Vendor: Galsys
- Product: Galleon NTS-6002-GPS
- CVSS: HIGH 7.2
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2022-05-09
- Original CVE updated: 2024-11-21
- Advisory published: 2022-05-09
- Advisory updated: 2024-11-21
Who should care
Organizations that operate or support Galleon NTS-6002-GPS devices, especially teams managing firmware, remote administration, or exposed management interfaces. Security teams should prioritize any environment where authenticated users can reach the web UI, because the issue can lead to root-level command execution.
Technical summary
The NVD record maps this issue to CWE-78. The CVSS 3.1 vector (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) describes a network attack vector with low attack complexity that requires high privileges and no user interaction. The vulnerable component is the web-management Network Tools functionality, specifically the input fields ping_address, trace_address, and nslookup_address. The issue is described as shell metacharacter injection that can result in commands executing as root on the affected firmware version.
Defensive priority
High. Even though the attacker must be authenticated, successful exploitation can yield root-level execution with full confidentiality, integrity, and availability impact on the device.
Recommended defensive actions
- Check whether any deployed Galleon NTS-6002-GPS devices are running firmware 4.14.103-Galleon-NTS-6002.V12 4 or another affected build.
- Review vendor guidance and the software download/support page for a fixed firmware release or mitigation steps.
- Restrict access to the device web-management interface to trusted administrative networks only.
- Limit who can authenticate to the management UI and review account access for least privilege.
- Monitor for unusual use of the Network Tools section and any unexpected process or command execution on the device.
- If an affected device cannot be updated promptly, consider isolating it from untrusted networks until remediation is available.
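One way to support the monitoring action above, as an added example that is not part of the CVE record or any vendor material: an allow-list check that flags any logged value of the three Network Tools fields that is not a literal IP address or a syntactically valid hostname. The field names come from the advisory; the log shape (URL-encoded form bodies), the `submit` field, and the function names are assumptions.

```python
import ipaddress
import re
from urllib.parse import parse_qsl

# Field names are taken from the advisory; everything else is an assumption.
NETWORK_TOOL_FIELDS = ("ping_address", "trace_address", "nslookup_address")

# Hostname label: letters, digits, hyphen; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def is_plain_host(value: str) -> bool:
    """True only for a literal IP address or a syntactically valid hostname."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        pass
    if not value or len(value) > 253:
        return False
    host = value[:-1] if value.endswith(".") else value
    # fullmatch, so a trailing newline or any other stray byte fails the label.
    return all(_LABEL.fullmatch(label) for label in host.split("."))


def flag_submissions(form_bodies):
    """Return (line_no, field, decoded_value) for each value off the allow-list."""
    findings = []
    for line_no, body in enumerate(form_bodies, start=1):
        for field, value in parse_qsl(body):
            if field in NETWORK_TOOL_FIELDS and not is_plain_host(value):
                findings.append((line_no, field, value))
    return findings


# Constructed sample: URL-encoded form bodies as a proxy or WAF might log them.
SAMPLE_BODIES = [
    "ping_address=192.0.2.10&submit=Ping",
    "trace_address=ntp.example.org&submit=Trace",
    "nslookup_address=example.org%3BPLACEHOLDER&submit=Lookup",
    "ping_address=192.0.2.10%0APLACEHOLDER&submit=Ping",
    "ping_address=2001%3Adb8%3A%3A1&submit=Ping",
]

if __name__ == "__main__":
    for line_no, field, value in flag_submissions(SAMPLE_BODIES):
        print(f"line {line_no}: {field} is not a plain host: {value!r}")
```

Checking against an allow-list rather than a list of known metacharacters means encoded separators such as a newline are flagged without having to enumerate them.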
Evidence notes
The debrief is based on the supplied CVE record and NVD metadata. The record states that an authenticated attacker can perform command injection as root through shell metacharacters in the Network Tools section, affecting Ping, Traceroute, and DNS Lookup inputs. NVD lists CWE-78 and the CVSS 3.1 vector AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. Published date used for context is 2022-05-09; modified date is 2024-11-21. No exploit instructions are included here.
Official resources
- CVE-2022-27224 CVE record (CVE.org)
- CVE-2022-27224 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference: [email protected] - Third Party Advisory
- Mitigation or vendor reference: [email protected] - Product, Vendor Advisory
- Mitigation or vendor reference: [email protected] - Exploit, Third Party Advisory
Publicly disclosed on 2022-05-09; NVD record last modified on 2024-11-21. The issue is documented as an authenticated command-injection vulnerability in the device web UI.