ARRIS TR3300 is an 802.11ac Wi-Fi router from ARRIS U.S.A. A command injection vulnerability exists in ARRIS TR3300, which stems from the upnp_ttl parameter in the upnp function failing to properly filter the construct command special characters, commands, etc. An attacker could exploit this vulnerability to cause arbitrary command execution.