Lucene search

TalosCVELIST:CVE-2022-25932

HistoryOct 27, 2022 - 12:00 a.m.

CVE-2022-25932

2022-10-2700:00:00

CWE-284

talos

www.cve.org

inhand networks

inrouter302

v3.5.45

firmware

incomplete fixes

privilege escalation

information disclosure

7.4 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

9.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.6%

JSON

The firmware of InHand Networks InRouter302 V3.5.45 introduces fixes for TALOS-2022-1472 and TALOS-2022-1474. The fixes are incomplete. An attacker can still perform, respectively, a privilege escalation and an information disclosure vulnerability.

CNA Affected

[
  {
    "vendor": "InHand Networks",
    "product": "InRouter302",
    "versions": [
      {
        "version": "V3.5.45",
        "status": "affected"
      }
    ]
  }
]

References

inhandnetworks.com/upload/attachment/202210/25/InHand-PSA-2022-02.pdf

talosintelligence.com/vulnerability_reports/TALOS-2022-1523