What is GHSA-vr3w-v4c5-868f?

GHSA-vr3w-v4c5-868f is a security advisory published by GitHub Security Advisories with High severity. An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. An authenticated...

Which CVE IDs does GHSA-vr3w-v4c5-868f cover?

GHSA-vr3w-v4c5-868f covers the following CVE IDs: CVE-2022-27224. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-vr3w-v4c5-868f?

GHSA-vr3w-v4c5-868f has a CVSS v3 base score of 8.8, published by GitHub Security Advisories.

GHSA-vr3w-v4c5-868fHighCVSS 8.8

An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. An authenticated...

Vendor

GitHub Security Advisories

Published

May 10, 2022

Last Modified

May 26, 2026

🔗 CVE IDs covered (1)

CVE-2022-27224 →

📋 Description

An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. An authenticated attacker can perform command injection as root via shell metacharacters within the Network Tools section of the web-management interface. All three networking tools are affected (Ping, Traceroute, and DNS Lookup) and their respective input fields (ping_address, trace_address, nslookup_address).

🔗 References (5)

https://nvd.nist.gov/vuln/detail/CVE-2022-27224
https://gist.github.com/somerandomdudeonetheinternet/2caeb201e249160fa82204ef640c8cdf
https://www.galsys.co.uk/support/software-download.html
https://www.pentestpartners.com/security-blog/galleon-nts-6002-gps-command-injection-vulnerability-cve-2022-27224
https://github.com/advisories/GHSA-vr3w-v4c5-868f