Lucene search
TalosCVELIST:CVE-2022-26042HistoryMay 12, 2022 - 5:01 p.m.
CVE-2022-26042
2022-05-1217:01:42
CWE-77
talos
www.cve.org
5
command injection
os
inhand networks
inrouter302 v3.5.4
arbitrary command execution
network request
vulnerability
attacker
CVSS3
9.9
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS
0.002
Percentile
55.7%
An OS command injection vulnerability exists in the daretools binary functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.
CNA Affected
[
{
"product": "InRouter302",
"vendor": "InHand Networks",
"versions": [
{
"status": "affected",
"version": "V3.5.4"
}
]
}
]Related
talos
talos
cnvd
cnvd
prion
prion
Command injection
2022-05-12 17:15:00
cve
cve
CVE-2022-26042
2022-05-12 17:15:10
nvd
nvd
CVE-2022-26042
2022-05-12 17:15:10
talosblog
talosblog
CVSS3
9.9
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS
0.002
Percentile
55.7%
Related for CVELIST:CVE-2022-26042