CVE-2022-3086: Cradlepoint NCOS Command Injection

2022-11-18 17:07:34


An authenticated local user on NetCloud OS (NCOS) versions before 7.22.70 can run a restricted shell escape sequence utilizing an OpenVPN Tunnel Feature that could allow local authenticated user the ability to execute code.



Public Disclosure:


Vulnerability Status:

  • NetCloud Manager: Not Affected
  • NetCloud OS: Affected, Patched July 2022 with release 7.22.70