2 matches found
CVE-2022-26007
An OS command injection vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-26007
CVE-2022-26007 corresponds to an InHand InRouter302 OS command injection in the console factory. A privileged user can pass a crafted token to the factory command (via iwpriv) that is concatenated and passed to system(), enabling arbitrary command execution. Talos details show potential chainabil...