Lucene search
TalosCVELIST:CVE-2022-26007HistoryMay 12, 2022 - 5:01 p.m.
CVE-2022-26007
2022-05-1217:01:39
CWE-77
talos
www.cve.org
6
os command injection
inhand networks inrouter302
network request
vulnerability
command execution
CVSS3
9.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS
0.002
Percentile
55.7%
An OS command injection vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability.
CNA Affected
[
{
"product": "InRouter302",
"vendor": "InHand Networks",
"versions": [
{
"status": "affected",
"version": "V3.5.4"
}
]
}
]Related
prion
prion
Command injection
2022-05-12 17:15:00
nvd
nvd
CVE-2022-26007
2022-05-12 17:15:10
cnvd
cnvd
InHand Networks InRouter302 OS Command Injection Vulnerability
2022-05-16 00:00:00
talos
talos
cve
cve
CVE-2022-26007
2022-05-12 17:15:10
talosblog
talosblog
CVSS3
9.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS
0.002
Percentile
55.7%
Related for CVELIST:CVE-2022-26007