CVE-2022-45701 – This vulnerability allows remote attackers to e... (How to Fix)

Q: What is the severity of CVE-2022-45701?

CVE-2022-45701 has a CVSS score of 8.8 (HIGH). This vulnerability allows remote attackers to execute arbitrary code on Arris TG2482A routers via the ping utility feature. Attackers can gain full control of affected devices without authentication. All users running vulnerable firmware versions are affected.

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on Arris TG2482A routers via the ping utility feature. Attackers can gain full control of affected devices without authentication. All users running vulnerable firmware versions are affected.

💻 Affected Systems

Products:

Arris TG2482A

Versions: Through 9.1.103GEM9

Operating Systems: Router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Affects default configuration. Ping utility is typically enabled by default.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of router with ability to intercept/modify all network traffic, deploy malware to connected devices, and establish persistent backdoor access.

🟠

Likely Case

Router takeover leading to DNS hijacking, credential theft, and network surveillance.

🟢

If Mitigated

Limited impact if router is behind firewall with restricted WAN access and ping utility disabled.

🌐 Internet-Facing: HIGH - Directly exploitable from internet if router has WAN management enabled.

🏢 Internal Only: HIGH - Exploitable from local network without authentication.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: CONFIRMED

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Public exploit code available on GitHub and Packet Storm. No authentication required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions after 9.1.103GEM9

Vendor Advisory: http://arris.com

Restart Required: Yes

Instructions:

1. Check current firmware version. 2. Visit Arris support site. 3. Download latest firmware. 4. Upload via router admin interface. 5. Reboot router.

🔧 Temporary Workarounds

Disable Ping Utility

all

Disable the ping utility feature in router administration interface

Restrict WAN Management

all

Disable remote management from WAN interface

🧯 If You Can't Patch

Place router behind firewall with strict inbound rules blocking all unnecessary ports
Implement network segmentation to isolate router from critical systems

🔍 How to Verify

Check if Vulnerable:

Check router firmware version in admin interface. If version is 9.1.103GEM9 or earlier, device is vulnerable.

Check Version:

Login to router admin interface and check System Status or Firmware Information page

Verify Fix Applied:

Verify firmware version is higher than 9.1.103GEM9 after update.

📡 Detection & Monitoring

Log Indicators:

Unusual ping utility usage
Command injection attempts in ping parameters
Unauthorized configuration changes

Network Indicators:

Malformed ping packets to router management interface
Unexpected outbound connections from router

SIEM Query:

source="router" AND (event="ping_utility" OR command_injection OR firmware_change)

📊 Metadata

CVE ID: CVE-2022-45701

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-77

Published: February 17, 2023

Last Updated: March 18, 2025

🔗 References

http://arris.com Product
https://packetstormsecurity.com/files/171001/Arris-Router-Firmware-9.1.103-Remote-Code-Execution.htmlhttps://github.com/yerodin/CVE-2022-45701 Exploit,Third Party Advisory,VDB Entry
http://arris.com Product
https://packetstormsecurity.com/files/171001/Arris-Router-Firmware-9.1.103-Remote-Code-Execution.htmlhttps://github.com/yerodin/CVE-2022-45701 Exploit,Third Party Advisory,VDB Entry

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2022-45701, you might also want to check these: