CVE-2022-3086

Name: CVE-2022-3086
Creator: NVD / NIST
Published: 2022-12-02T20:15:13.767+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.6/10EPSS 0.30%

Last modified Jun 17, 2026

CVE-2022-3086 is a high-severity vulnerability rated 7.6/10 on the CVSS scale. Cradlepoint IBR600 NCOS versions 6.5.0.160bc2e and prior are vulnerable to shell escape, which enables local attackers with non-superuser credentials to gain full, unrestrictive shell access which may allow an attacker to execute arbitrary code. . EPSS estimates a 0.30% chance of exploitation in the next 30 days.

Description

Cradlepoint IBR600 NCOS versions 6.5.0.160bc2e and prior are vulnerable to shell escape, which enables local attackers with non-superuser credentials to gain full, unrestrictive shell access which may allow an attacker to execute arbitrary code.

Metrics

CVSS 3.1

7.6/10

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

EPSS Probability

0.30%

21.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-77

Affected Software

Vendor	Product	Versions
Moxa	Uc-8580-T-Lx Firmware	1.1
Moxa	Uc-8580-T-Ct-Lx Firmware	1.1
Moxa	Uc-8580-T-Q-Lx Firmware	1.1
Moxa	Uc-8580-T-Ct-Q-Lx Firmware	1.1
Moxa	Uc-8580-Q-Lx Firmware	1.1
Moxa	Uc-8580-Lx Firmware	1.1
Moxa	Uc-8540-Lx Firmware	>= 1.0, <= 1.2
Moxa	Uc-8540-T-Ct-Lx Firmware	>= 1.0, <= 1.2
Moxa	Uc-8540-T-Lx Firmware	>= 1.0, <= 1.2
Moxa	Uc-8410a-Lx Firmware	2.2
Moxa	Uc-8410a-Nw-Lx Firmware	2.2
Moxa	Uc-8410a-Nw-T-Lx Firmware	2.2
Moxa	Uc-8410a-T-Lx Firmware	2.2
Moxa	Uc-8210-T-Lx-S Firmware	>= 1.0, <= 2.4
Moxa	Uc-8220-T-Lx Firmware	>= 1.0, <= 2.4
Moxa	Uc-8220-T-Lx-Us-S Firmware	>= 1.0, <= 2.4
Moxa	Uc-8220-T-Lx-Eu-S Firmware	>= 1.0, <= 2.4
Moxa	Uc-8220-T-Lx-Ap-S Firmware	>= 1.0, <= 2.4
Moxa	Uc-8112a-Me-T-Lx Firmware	1.0
Moxa	Uc-8112a-Me-T-Lx Firmware	1.1
Moxa	Uc-8131-Lx Firmware	1.2
Moxa	Uc-8131-Lx Firmware	1.3
Moxa	Uc-8132-Lx Firmware	1.2
Moxa	Uc-8132-Lx Firmware	1.3
Moxa	Uc-8162-Lx Firmware	1.2
Moxa	Uc-8162-Lx Firmware	1.3
Moxa	Uc-8112-Lx Firmware	1.2
Moxa	Uc-8112-Lx Firmware	1.3
Moxa	Uc-5101-Lx Firmware	1.2
Moxa	Uc-5101-T-Lx Firmware	1.2
Moxa	Uc-5102-Lx Firmware	1.2
Moxa	Uc-5102-T-Lx Firmware	1.2
Moxa	Uc-5111-Lx Firmware	1.2
Moxa	Uc-5111-T-Lx Firmware	1.2
Moxa	Uc-5112-Lx Firmware	1.2
Moxa	Uc-5112-T-Lx Firmware	1.2
Moxa	Uc-3101-T-Ap-Lx Firmware	>= 1.2, <= 2.0
Moxa	Uc-3101-T-Eu-Lx Firmware	>= 1.2, <= 2.0
Moxa	Uc-3101-T-Us-Lx Firmware	>= 1.2, <= 2.0
Moxa	Uc-3111-T-Ap-Lx Firmware	>= 1.2, <= 2.0
Moxa	Uc-3111-T-Ap-Lx-Nw Firmware	>= 1.2, <= 2.0
Moxa	Uc-3111-T-Eu-Lx Firmware	>= 1.2, <= 2.0
Moxa	Uc-3111-T-Eu-Lx-Nw Firmware	>= 1.2, <= 2.0
Moxa	Uc-3111-T-Us-Lx Firmware	>= 1.2, <= 2.0
Moxa	Uc-3111-T-Us-Lx-Nw Firmware	>= 1.2, <= 2.0
Moxa	Uc-3121-T-Ap-Lx Firmware	>= 1.2, <= 2.0
Moxa	Uc-3121-T-Eu-Lx Firmware	>= 1.2, <= 2.0
Moxa	Uc-3121-T-Us-Lx Firmware	>= 1.2, <= 2.0
Moxa	Uc-2101-Lx Firmware	>= 1.3, <= 1.5
Moxa	Uc-2102-Lx Firmware	>= 1.3, <= 1.5

Showing 50 of 55 affected configurations. See NVD for the full list.

References

Timeline

Published: Dec 2, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2022-3086?

How severe is CVE-2022-3086?

CVE-2022-3086 has a CVSS score of 7.6/10 (HIGH severity). The EPSS model estimates a 0.30% probability of exploitation in the next 30 days.

How do I fix CVE-2022-3086?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-3086?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST