Lucene search
HistoryNov 09, 2022 - 6:15 p.m.
CVE-2022-28689
inhand networks
inrouter302
arbitrary command execution
vulnerability
network requests
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
42.8%
A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.
Affected configurations
Node
inhandnetworksir302_firmwareMatch3.5.45
inhandnetworksir302Match-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| inhandnetworks | ir302_firmware | 3.5.45 | cpe:2.3:o:inhandnetworks:ir302_firmware:3.5.45:*:*:*:*:*:*:* |
| inhandnetworks | ir302 | - | cpe:2.3:h:inhandnetworks:ir302:-:*:*:*:*:*:*:* |
Related
cve
cve
CVE-2022-28689
2022-11-09 18:15:14
cvelist
cvelist
CVE-2022-28689
2022-11-09 17:35:37
talos
talos
prion
prion
Code injection
2022-11-09 18:15:00
talosblog
talosblog
CVSS3
8.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
42.8%
Related for NVD:CVE-2022-28689