CVE-2022-3086

EUVD-2022-42515
Cradlepoint IBR600 NCOS versions 6.5.0.160bc2e and prior are vulnerable 
to shell escape, which enables local attackers with non-superuser 
credentials to gain full, unrestrictive shell access which may allow an 
attacker to execute arbitrary code.
Command Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.1 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
icscertCNA
7.1 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 47%
Affected Products (NVD)
VendorProductVersion
moxauc-8580-t-lx_firmware
1.1
moxauc-8580-t-ct-lx_firmware
1.1
moxauc-8580-t-q-lx_firmware
1.1
moxauc-8580-t-ct-q-lx_firmware
1.1
moxauc-8580-q-lx_firmware
1.1
moxauc-8580-lx_firmware
1.1
moxauc-8540-lx_firmware
1.0 ≤
𝑥
≤ 1.2
moxauc-8540-t-ct-lx_firmware
1.0 ≤
𝑥
≤ 1.2
moxauc-8540-t-lx_firmware
1.0 ≤
𝑥
≤ 1.2
moxauc-8410a-lx_firmware
2.2
moxauc-8410a-nw-lx_firmware
2.2
moxauc-8410a-nw-t-lx_firmware
2.2
moxauc-8410a-t-lx_firmware
2.2
moxauc-8210-t-lx-s_firmware
1.0 ≤
𝑥
≤ 2.4
moxauc-8220-t-lx_firmware
1.0 ≤
𝑥
≤ 2.4
moxauc-8220-t-lx-us-s_firmware
1.0 ≤
𝑥
≤ 2.4
moxauc-8220-t-lx-eu-s_firmware
1.0 ≤
𝑥
≤ 2.4
moxauc-8220-t-lx-ap-s_firmware
1.0 ≤
𝑥
≤ 2.4
moxauc-8112a-me-t-lx_firmware
1.0
moxauc-8112a-me-t-lx_firmware
1.1
moxauc-8131-lx_firmware
1.2
moxauc-8131-lx_firmware
1.3
moxauc-8132-lx_firmware
1.2
moxauc-8132-lx_firmware
1.3
moxauc-8162-lx_firmware
1.2
moxauc-8162-lx_firmware
1.3
moxauc-8112-lx_firmware
1.2
moxauc-8112-lx_firmware
1.3
moxauc-5101-lx_firmware
1.2
moxauc-5101-t-lx_firmware
1.2
moxauc-5102-lx_firmware
1.2
moxauc-5102-t-lx_firmware
1.2
moxauc-5111-lx_firmware
1.2
moxauc-5111-t-lx_firmware
1.2
moxauc-5112-lx_firmware
1.2
moxauc-5112-t-lx_firmware
1.2
moxauc-3101-t-ap-lx_firmware
1.2 ≤
𝑥
≤ 2.0
moxauc-3101-t-eu-lx_firmware
1.2 ≤
𝑥
≤ 2.0
moxauc-3101-t-us-lx_firmware
1.2 ≤
𝑥
≤ 2.0
moxauc-3111-t-ap-lx_firmware
1.2 ≤
𝑥
≤ 2.0
moxauc-3111-t-ap-lx-nw_firmware
1.2 ≤
𝑥
≤ 2.0
moxauc-3111-t-eu-lx_firmware
1.2 ≤
𝑥
≤ 2.0
moxauc-3111-t-eu-lx-nw_firmware
1.2 ≤
𝑥
≤ 2.0
moxauc-3111-t-us-lx_firmware
1.2 ≤
𝑥
≤ 2.0
moxauc-3111-t-us-lx-nw_firmware
1.2 ≤
𝑥
≤ 2.0
moxauc-3121-t-ap-lx_firmware
1.2 ≤
𝑥
≤ 2.0
moxauc-3121-t-eu-lx_firmware
1.2 ≤
𝑥
≤ 2.0
moxauc-3121-t-us-lx_firmware
1.2 ≤
𝑥
≤ 2.0
moxauc-2101-lx_firmware
1.3 ≤
𝑥
≤ 1.5
moxauc-2102-lx_firmware
1.3 ≤
𝑥
≤ 1.5
moxauc-2104-lx_firmware
1.3 ≤
𝑥
≤ 1.5
moxauc-2111-lx_firmware
1.3 ≤
𝑥
≤ 1.5
moxauc-2112-lx_firmware
1.3 ≤
𝑥
≤ 1.5
moxauc-2114-t-lx_firmware
1.3 ≤
𝑥
≤ 1.5
moxauc-2114-t-lx_firmware
1.3 ≤
𝑥
≤ 1.5
moxauc-2116-t-lx_firmware
1.3 ≤
𝑥
≤ 1.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.cisa.gov/uscert/ics/advisories/icsa-22-321-02
https://www.cisa.gov/uscert/ics/advisories/icsa-22-321-02