HIGH
Galsys
CVE published 2022-05-09
CVE-2022-27224
CVE-2022-27224 is an authenticated command-injection flaw in the web-management interface of Galleon NTS-6002-GPS firmware 4.14.103-Galleon-NTS-6002.V12 4. An attacker with valid credentials can abuse shell metacharacters in the Network Tools section to execute commands as root. The affected tools are Ping, Traceroute, and DNS Lookup.