Lucene search
HistoryNov 09, 2022 - 6:15 p.m.
CVE-2022-29481
cve-2022-29481
inhand networks
inrouter302
vulnerability
network requests
security features
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
22.7%
A leftover debug code vulnerability exists in the console nvram functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability.
Affected configurations
Node
inhandnetworksir302_firmwareMatch3.5.45
inhandnetworksir302Match-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| inhandnetworks | ir302_firmware | 3.5.45 | cpe:2.3:o:inhandnetworks:ir302_firmware:3.5.45:*:*:*:*:*:*:* |
| inhandnetworks | ir302 | - | cpe:2.3:h:inhandnetworks:ir302:-:*:*:*:*:*:*:* |
Related
talos
talos
InHand Networks InRouter302 console nvram leftover debug code vulnerability
2022-10-27 00:00:00
prion
prion
Code injection
2022-11-09 18:15:00
cvelist
cvelist
CVE-2022-29481
2022-11-09 17:35:38
cve
cve
CVE-2022-29481
2022-11-09 18:15:14
talosblog
talosblog
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
0.001
Percentile
22.7%
Related for NVD:CVE-2022-29481